Skip to main content

Twitch users duped by promise of free bayonets that then empty Steam accounts

Twitch users have been hit by malware that masquerades as a competition prize and has the power to drain all funds and items from a user’s Steam account.

Related: The weirdest trend ever? Twitch fish racks up 1.5 million view playing Pokémon Red

Finnish security company F-Secure (opens in new tab) discovered the problem that has succeeded in draining the accounts of users on the Steam retail site and can also initiate trades with any new friends on Steam, which the malware allows it to add.

The vulnerability comes from a Twitch-bot that has been bombarding chat channels by inviting users to take part in a weekly raffle that offers the chance to win prizes to use on the Counter-Strike: Global Offensive game, including two M9 Bayonet knives.

When users click the link it takes them to a Java program that requests the participant’s name, email address and then permission to publish the user’s name, should they win the competition.

Once the competition has been entered a confirmation message appears, reading: “Congratulations, you have joined this week’s raffle. We will contact you by e-mail if you win!”

Right after the message appears, the malicious software is then able to perform a variety of tasks, including the ability to:

  • Take screenshots
  • Add new friends in Steam
  • Accept pending friend requests in Steam
  • Initiate trading with new friends in Steam
  • Buy items, if user has money
  • Send a trade offer
  • Accept pending trade transactions
  • Sell items with a discount in the market

A Twitch spokesmen spoke to the BBC and stated that the vulnerability was the “first instance” he had seen and the site wanted to "remind our community about not clicking on links from unknown sources just like they wouldn't on other social media sites".

Related: Google looks to bag video game streaming service Twitch

Amazon bought Twitch for a huge £585 million just last month after Google had been rumoured for some time to be eyeing it up and it has 55 unique monthly views for its service that allows users to watch other people play video games.

Jamie is a freelance writer with over eight years experience writing for online audiences about technology and other topics. In his time writing for ITProPortal he wrote daily news stories covering the IT industry and the worldwide technology market, as well as features that covered every part of the IT market, from the latest start ups to multinational companies and everything encompassed by the IT sector. He has also written tech content for our sister publication, TechRadar Pro. Jamie has since moved into sports betting content and is Content Manager at Betbull.