Malware that can spread through Twitch’s chat feature will try to bleed your Steam account dry, according to security software maker F-Secure.
The malware originates from an automated account which, according to F-Secure, “bombards channels and invites viewers to participate in a weekly raffle for a chance to win things such as ‘Counter-Strike: Global Offensive’ items”.
When you click on the link, a Java program will open up a phony raffle entry form.
Once you fill out and submit the form, the malware installs and runs a Windows binary that can gain access to your Steam account.
The program then empties the target’s wallet and sells off any valuable items they may have bought or acquired.
“This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry,” F-Secure says.
“It even dumps your items for a discount in the Steam Community Market. Previous variants were selling items with a 12 percent discount, but a recent sample showed that they changed it to 35 percent discount. Perhaps to be able to sell the items faster.”
Twitch, which was recently bought by Amazon for $970 million, has instructed users to beware of what links they click and where they’re being directed.
It is advised to avoid giving information to anyone that posts links in Twitch chats or direct messages.
Twitch has also advised all broadcasters/streamers to disallow links from being posted in their chat windows.