Malware Campaign Targets Twitch

The video-gameplay streaming site, recently acquired by Amazon for nearly $1bn, has been targeted by a scam that can empty Steam accounts

Security experts have warned of a malware campaign targeting users of Twitch, the video-gameplay streaming site recently acquired by Amazon for nearly $1 billion (£597m).

The social-networking site, which allows users to stream videos of themselves playing video games, is available on consoles including the PlayStation 4 and the Xbox One, and has more than 55 million unique monthly viewers.


Chat targeted

The malware appears via the site’s chat feature, where an automated account “bombards channels”, inviting viewers to join a weekly raffle to win gaming-related items, according to Finnish security firm F-Secure.

A link leads to a Java programme that asks for the participant’s name, email address and permission to publish the winner’s name, but this data is not stored, the company said.

After a user has filled out the form, the programme installs and runs a Windows binary file that accesses the user’s Steam account – Steam being a gaming platform that offers social-networking features, with 75 million active users. The malware is able to take screenshots, add new friends, buy items and sell items at a discount, among other features, F-Secure said.

“This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry,” F-Secure said in an advisory. “It even dumps your items for a discount in the Steam Community Market. Previous variants were selling items with a 12 percent discount, but a recent sample showed that they changed it to 35 percent discount.”

Acquiring Steam items

The sales are intended to allow the attacker to gather enough Steam funds to buy items that are then traded to another account, possibly maintained by the attacker, according to F-Secure. This activity occurs on the user’s local system, bypassing Steam’s security measures.

The company said it has seen multiple reports of such trades on Steam’s forums.

Twitch said in a statement that it has now blocked the malware link in question, and said it advises users to avoid clicking on links from people they don’t know, “just like they wouldn’t do on any other social media sites”. Twitch said it allows broadcasters to block links from appearing in chats.

The company said this was the “first instance” it had seen of such an attack.

Are you a security pro? Try our quiz!