Cybercriminals Attack Amazon's Game Streaming Site Twitch
Will Amazon flinch over what security researchers are calling a “twitch of fate”? The e-commerce giant has plenty to flinch about, given malware has invaded Twitch Interactive, a live video platform for gamers Amazon acquired for nearly $1 billion in August.
Cybercriminals hit Twitch with a malware attack that can spend its users’ money. And Twitch has plenty of users to wipe clean. In July, over 55 million unique visitors viewed more than 15 billion minutes of content on Twitch. That content was produced by more than 1 million broadcasters -- including individual gamers, professional players, publishers, developers, media outlets, conventions and stadium-filling sports organizations.
Put another way, cybercriminals see the same mass potential to generate income by deploying the malware on Twitch as Amazon saw when it decided to buy the innovative platform. Amazon was not immediately available for comment and has not offered a public statement on the security issue. However, a Twitch spokesman told The Register only one user has been in touch about the issue. Although the company said it does not think the issue is widespread, it is taking steps to limit the spread of the malware.
Have You Been Had?
“We recently received a report from a concerned user about malware that is being advertised via Twitch's chat feature,” security firm F-Secure, which first reported the malware, said in a security alert.
According to F-Secure’s report, here’s how it works: A Twitch-bot account bombards channels and invites viewers to participate in a weekly raffle for a chance to win things. The cybercriminals tempt gamers with "Counter-Strike: Global Offensive" items such as an M9 bayonet. The problem is, clicking on the link doesn’t offer a welcome gift.
“The link provided by the Twitch-bot leads to a Java program which asks for the participant's name, e-mail address and permission to publish winner's name, but in reality, it doesn't store those anywhere,” F-Secure noted.
Victims of the fake giveaway see a message that reads, “Congratulations, you have joined this week’s raffle. We will contact you by your e-mail if you win!” But that’s just the beginning of the nefarious scheme. After victims see this message, the malware installs and executes a Windows binary file.
The Buying-Selling Strategy
F-Secure reported the that malware can perform a number of commands, including: taking screenshots; adding new friends in Steam (a platform that offers instant access to over 3,500 games that also stores purchased credits); accepting pending friend requests in Steam; initiating trading with new friends in Steam; buying items (if a user has money in his account); sending a trade offer; accepting pending trade transactions; and selling items with a discount in the market.
“This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry. It even dumps your items for a discount in the Steam Community Market,” F-Secure reported. “Previous variants were selling items with a 12 percent discount, but a recent sample showed that they changed it to 35 percent discount. Perhaps to be able to sell the items faster.”
Selling “uninteresting” items allows the cybercriminals to pile up enough money to buy items they really want. The interesting items are then traded to an account possibly maintained by the attacker, F-Secure noted.
“All this is done from the victim's machine, since Steam has security checks in place for logging in or trading from a new machine,” F-Secure reported. “It might be helpful for the users if Steam were to add another security check for those trading several items to a newly added friend and for selling items in the market with a low price based on a certain threshold. This will lessen the damages done by this kind of threat.”