What's the most devastating thing you can tell an avid Steam user? No, not that Electronic Arts has somehow miraculously bought out Valve (even though they don't actually have the capital to do so). The most devastating thing you can tell a Steam user is that a hacker has gained access to their Steam account and all their goods could be in danger. That's part of the gist with this new form of malware running around out there.
According to F-Secure, there's a link that's making the rounds – mostly through the online video streaming website Twitch.tv – that leads anyone who clicks on the link to a malware site.
According to F-Secure it's all being done by a bot using a fake contest for Counter-Strike...
“A Twitch-bot account bombards channels and invites viewers to participate in a weekly raffle for a chance to win things such as "Counter-Strike: Global Offensive" items”
After clicking on the link, users are taken to a page that uses a Java script that asks for a user's e-mail address and “permission to publish winner's name”. However, it's noted that the information doesn't actually go anywhere.
Instead, a series of actions are taken by the malware that disrupts your Steam account, enacting the following sequence of events.
• Take screenshots
• Add new friends in Steam
• Accept pending friend requests in Steam
• Initiate trading with new friends in Steam
• Buy items, if user has money
• Send a trade offer
• Accept pending trade transactions
• Sell items with a discount in the market
The biggest problem with this malware – dubbed Eskimo – is that it takes over your Steam wallet funds and carries out the tasks as listed above. If you have anything in your inventory it also trades it off to a dummy account presumed to be maintained by the hacker.
In essence, the hacker gets your goods and can then resell them on the community market and make small amounts of currency from each sell. While moving only a few items at maybe $0.10 or so seems miniscule, for every hundred accounts that get hit with the malware, the hacker makes a $1 for every item sold per-hundred accounts. Now you just have to multiply that per every account that got hit with the malware and then multiply that by every item each of those accounts traded to the dummy account, and you begin to see that this could end up being a very profitable scam by the software con artist.
What makes this particular bit of malware so damning is that all of this is done from the host machine, so there's no way it can be flagged as malicious. The best way to go about getting any sort of retribution would probably be to take note of the account that your items were traded to and report it to Valve.
Most people have basically made it known that unless you know the person and unless they're trusted, don't click any links within the Twitch.tv stream. That seems like it should go without saying, but just in case: make sure you don't click any links posted in the Twitch.tv streams. Additionally, any link asking for your account info that isn't from a verified source is likely a scam.