Don’t Click Any Links – Twitch Chat Contracts Malware

Twitch Malware

The massively popular (which had recently been bought by Amazon) has seen a strain of malware infecting various computers through the chat feature called “Eskimo.”

Holy Crap Seriously?!

Unfortunately yes. Finnish online security company F-Secure noticed the issue when a user reported a scam being circulated as an ad on the Twitch chat feature.

The Twitch-bot will spam a channel with invites to win items in a raffle , but the provided link, when clicked on, will guide users to a Java program. The program provides fields for the use’s name, email and permission to publish their name and once the information is entered, users are presented with the following: “Congratulations, you have joined this week’s raffle. We will contact you by email if you win!”.


Well, That Doesn’t Sound Too Bad, It Just Gets Some Of My Personal Info

Think again.

The malware will drop a binary file which executes to perform the following commands:

  • Record screenshots
  • Accept friend invites in Steam
  • Accept pending friend requests in Steam
  • Activate trading with any new friends
  • Buy items, if there is money in the wallet
  • Send out a trade offer
  • Accept any trade transactions currently pending
  • Sell items with discount at the market

Reports suggest too that the trades are funneling items to an account called Youni.

Oh God, My Wallet?!

A simple solution to this issue is don’t click on anything you’re unfamiliar with, a principle related to any spam email you get. If you’ve already had your items traded away, please contact Valve support for help.

Jon Bio Card

Jon Schear is a part time gamer, full time graphic designer and when he finds time for it, wannabe digital artist. He also drinks PBR and plays WoW…don’t judge him. 

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: