The malware was first reported by a Finnish security firm F-secure.
The unusual kind of malware “Eskimo” will dry out your Steam account wallet, armory, and inventory, according to F-Secure.
Twitch acquired by Amazon after Google’s failed bid, has approximately 50 million users who are paying $970 million in cash.
Live streamers, who pockets money through viewer subscriptions, often operates bots in the chat area of their channels to stimulate donations, attract followers and announce promotions.
F-Secure informed about a Twitch-bot account that flood channels and invites viewers to a weekly raffle for things like “Counter-Strike: Global Offensive” items.
“The link provided by the Twitch-bot leads to a Java program which asks for the participant’s name, e-mail address and permission to publish winner’s name, but in reality, it doesn’t store those anywhere,” it said ().
Once you fill out and submit the form, “Eskimo” can take screenshots, accept pending friend requests in Steam, initiate trading with new friends, add new friends, buy items, send a trade offer, accept pending trade transactions.
The concept is simple that the attacker get access to sell uninteresting items from your account, then buy themselves more interesting items.
As all of the fraudulent activity takes place locally, on the victim’s computer, F-Secure suggests that Steam add new security measures “for those trading several items to a newly added friend and for selling items in the market with a low price based on a certain threshold.”
Also simply, don’t click on strange links appearing in Twitch chat and be safe.
“It might be helpful for the users if Steam were to add another security check for those trading several items to a newly added friend and for selling items in the market with a low price based on a certain threshold. This will lessen the damages done by this kind of threat,” it said.
If you are one of the victim, try contacting Valve customer service, they might be your last hope.