FINNISH SECURITY FIRM F-Secure has warned gamers that the Twitch video streaming service has been hit with malware that can spend users' money.
The firm revealed its concerns in a blog post on Friday, shining a dark light on the new gaming console darling and its role in the world of Steam.
F-Secure said that an alarmed Twitch user - not Amazon - approached it with some concerns, explaining that a lure in the Twitch chat feature offers access to a raffle.
We all know what can and usually does follow the clicking an unsolicited link, and that is the start of a one-way trip to malware.
This link, which purports to offer gaming gewgaws, is yet another lie, said F-Secure. It explained that a "Twitch-bot" account "bombards" the chat feature and tickles users with its lure.
"The link provided by the Twitch-bot leads to a Java program, which asks for the participant's name, e-mail address and permission to publish winner's name, but in reality, it doesn't store those anywhere," explained the firm. This is followed by a pop-up on-screen box which claims some rubbish about entry to a raffle and asks users to click an OK button.
Clicking OK takes you into the world of the malware. F-Secure called the malware Eskimo, adding that it does various antisocial things like selling users' items and cleaning out their Steam wallets.
"All this is done from the victim's machine, since Steam has security checks in place for logging in or trading from a new machine," said the firm.
"It might be helpful for the users if Steam were to add another security check for those trading several items to a newly added friend and for selling items in the market with a low price based on a certain threshold. This will lessen the damages done by this kind of threat."
Security PSA: Do not click the "csgoprize" link in chat. This is a phishing attempt to install malware and compromise your Steam account.^JM— Twitch Support (@TwitchSupport) September 12, 2014
Twitch has reacted to the news by warning customers not to click such links and by telling broadcasters that they can block hyperlinks in chat. µ
Someone could be in for a NASty surpise
An assault course on the senses
Boasting Bionic boosting