Amazon's £600m Twitch gaming site hit by malware

News by Tim Ring

The online gaming platform, which is now owned by Amazon and has more than 55 million monthly viewers, has been infected with malware that spends users' money without their permission.

Meanwhile, in a possibly related attack, the Steam online gaming shop has been hit by a new Trojan bug, as hackers continue to target the lucrative billion-dollar video gaming market.

The problems at Twitch – which Amazon acquired last month for around £600 million – are revealed by Finnish security firm F-Secure in a 12 September blog.

F-Secure has found a ‘Twitch-bot’ sending phishing messages across the site's chat forums, which lures users with offers of raffle prizes, then drops a malicious Windows binary file on anyone who replies with their name and email address.

This malware, dubbed Eskimo by F-Secure, buys items and takes screenshots. It can also hijack and drain the user's account on the Steam online shop and gaming community, which is often linked to Twitch accounts.

Meanwhile, in an 11 September blog, Russian AV security firm Doctor Web says that malware dubbed Trojan.SteamBurglar1 is being spread via Steam's chat forums.

This Trojan searches the user's computer for valuable games artefacts which can be sold for cash, and transfers them to the hacker's account.

In its blog, Doctor Web points out that online gaming is a “highly competitive billion-dollar market” where items that can enhance the players' performance are traded for real money.

A spokesman for Twitch has told journalists that it is taking steps to limit the impact of the malware revealed by F-Secure.

The company has warned users via its Twitter feed: “Do not click the 'csgoprize' link in chat. This is a phishing attempt to install malware and compromise your Steam account. We will work to block that link, but be aware that variants could appear. In general, you should be wary of any links in chat.”

The discovery of the gaming malware highlights new phishing and hacking approaches, according to cyber industry experts.

Commenting on the Twitch attack, Steve Smith, MD for security consultancy Pentura, told via email: “This is an interesting twist on traditional phishing scams, using chat forum links to infect users' machines with malware to hijack accounts for exploiting.

“The attractions for criminals are the large numbers of users of these platforms, and the fact that the platforms carry transactions.”

Likewise Scott MacKenzie, CISO with cyber security solutions provider Logical Step, told via email: “The risk to gamers is similar to web users that fall victim to phishing attacks.

“Users that fall prey to the attack download a Windows binary to their machine. This binary is used for stealing game items; however, the binary payload could just as easily be used to capture bank details, or use the victims' machine as a node in a botnet.

“This is therefore another (potentially lucrative) attack vector open to the malware developer, where more than just in-game items can be stolen.”

As for the implications for the corporate security world, Steve Smith said: “I would not be surprised to see similar tactics starting to be used on corporate platforms.”

But MacKenzie felt: “From a corporate security perspective, I would expect the impact to be minimal because web connections route through proxy servers in most companies. These proxy servers normally only allow HTTP (80) and HTTPS (443) traffic through them.

“The majority of online games, including Steam, require a number of additional UDP and TCP ports to be open in order for the game to work. In corporate environments running web proxies, users would not be able to play these online games.”
