A new piece of Malware has been found in Twitch that has the potential to wipe the users Steam wallet and hijack its inventory.
The scam starts with an invitation to a raffle. When the user inputs their name and email, the Malware begins doing its dirty work, adding new friends to your friends list, and buying and selling items.
Twitch support acknowledged the malware in a tweet sent a few days ago, informing users to specifically avoid the “csgoprize” link in chat, which is how the the Malware infects your computer.
Roy Tobin, a Threat Researcher at Webroot, said it was common for popular sites to be targeted in this way.
“There are so many popular social platforms for cyber-criminals to choose from and an easy way for them to target naïve users is to create themed scams,” he explained. “We have seen a number of these types of droppers lately but not in huge numbers; however any type of popular media site will eventually be hit in this way.”
Roy Tobin said that a few simple steps would help protect users in general.
“If something looks too good to be true, it usually is,” he said. “It all comes back to user education, not clicking on links and not executing unknown files. We have seen similar infection routes with embedded comments on YouTube videos and even Facebook comments. Since they originate on known sites, people can be lured into a false sense of security.”
But come on guys and girls — you are all way too smart to get sucked into this kind of junkware, hijackware, greyware even malware, right?
OH LOOK I JUST WON A $1 MILLION! All I have to do is click this link…