Twitch malware spends users’ money


Malicious software spread via chat forums on the video games streaming site Twitch can spend users’ money without authorisation, it has emerged.

The Finnish security firm F-Secure said clicking on the malware links also enabled infiltrators to wipe accounts on the gaming shop, Steam.

Twitch is advising users not to use links from unknown sources.

The site, which was recently bought by Amazon for $970m (£597m), has more than 55 million unique monthly viewers.

The malware woos users with the promise of prizes.

The vulnerability originates from an automated account which, according to F-Secure, “bombards channels and invites viewers to participate in a weekly raffle for a chance to win things such as ‘Counter-Strike: Global Offensive’ items”.

If viewers take the bait, they are invited to fill in their name and email address, which then allows the malicious software to gain control, allowing it to:

Add new friends in Steam (a gaming shop and community commonly linked to Twitch accounts)
Accept pending friend requests in Steam
Initiate trading with new friends in Steam
Buy items, if user has money
Send a trade offer
Accept pending trade transactions

A spokesman for Twitch told the BBC that the vulnerability was the “first instance” he had seen, but that the site would “remind our community about not clicking on links from unknown sources just like they wouldn’t on other social media sites”.

He added: “Please note that we give all broadcasters the option to disable links in their chat which can easily prevent this.”

More on this story: http://www.bbc.com/news/technology-29177284
