Look out! Twitch malware empties your Steam account

By the time it's done, your inventory will be bled dry
Look out! Twitch malware empties your Steam account

Seems someone has managed to 'game' Twitch's stream. A Twitch bot has been spamming feeds, inviting gamers to participate in raffles that would net them special items.

F-Secure highlighted the exploit on its blog, putting up screenshots of the items offered up to gullible gamers. After filling up a form, the unsuspecting user would not realise that in actuality it was a Java program used that will take the participant's name, email address and permission to publish said name.

 

Say goodbye to your gaming goods

Look out! Twitch malware empties your Steam account

While you think you've entered a raffle, what is happening behind the scenes is that a Windows binary file is secretly hacking into your Steam account.

Once inside, the malware will then use your Steam account to do the following:

  • Take screenshots
  •  Add new friends in Steam
  •  Accept pending friend requests in Steam
  •  Initiate trading with new friends in Steam
  •  Buy items, if user has money
  •  Send a trade offer
  •  Accept pending trade transactions
  •  Sell items with a discount in the market

The program will then sell off your items, while the more valuable ones will make it to what is assumed to be the hacker's own Steam account to be used or traded. What is genius about this hack? Is that it works by using the victim's PC and thus circumventing Steam's mechanics which is to prevent unauthorised usage on a different PC.

What F-Secure suggests is that Steam kick in a mechanism to alert users when too many trades are happening with a newly-added account or traded items are being sold for far too low a price.

Twitch has responded to the malware report by blocking links sent by the Twitch bot and advised its users not to click on unverified links.

READ MORE: What else is new in the world of games?

[Source: PCWorld]