This article is more than 1 year old

Beware geeks bearing gifts: Steam-draining nasty spreads via Twitch

Eskimo infection will drop you right Inuit

Infosec bods are warning of new malware spreading through game-streaming web hit Twitch: the software nasty subverts Steam accounts to drain player's wallets, and could take away all their precious weaponry.


I've got 99 problems but a Twitch ain't one

The malware spreads by bombarding users of Twitch's chat feature with links to a raffle for special kit used in the popular first-person shooter Counter-Strike: Global Offensive. Clicking on the proffered URL opens a Java application that claims to record the player's name and email address, and asks for permission to publish winner's name.

In fact it does none of this – and instead drops a Windows binary file onto the user's system to execute. Security biz F-Secure, which first noted the malware, has dubbed it Eskimo, and the rogue code searches for Steam accounts that may be present on the infected Windows system.

Eskimo allows its masters to buy items from the Steam account, sell the user's existing armory on the community market, accept new friends in the gaming market, and trade items between friends.

"All this is done from the victim's machine, since Steam has security checks in place for logging in or trading from a new machine," said F-Secure Labs in an advisory.

"It might be helpful for the users if Steam were to add another security check for those trading several items to a newly added friend and for selling items in the market with a low price based on a certain threshold. This will lessen the damages done by this kind of threat."

A spokesman for Amazon-owned Twitch told The Register that the firm has had one user contact them about the issue and it's not considered a widespread problem, although the company is taking steps to limit the spread of the malware.

"Security PSA: Do not click the 'csgoprize' link in chat. This is a phishing attempt to install malware and compromise your Steam account," said the firm's technical support team on Twitter.

"We will work to block that link, but be aware that variants could appear. In general, you should be wary of any links in chat." ®

More about


Send us news

Other stories you might like