Users Get Steam Wallet Picked Clean By Twitch-Bot Malware
The supposed raffle offers users a chance to win various prizes, such as Counter-Strike: Global Offensive weapons. However, it's not a legitimate raffle. The link provided by the Twitch-bot loads up a malicious Java program that asks for the user's name, email address, and permission to publish the winner's name.
Of course, it's all a ruse. What the program is really doing is getting the user to authorize the underlying malware to run, which in turn drops a dirty Windows binary file and executes it. The malware then proceeds to take screenshots, add new friends in Steam, accept pending friend requests, initiate trading with new friends, buy items (if the user has money), send a trade offer, accept pending trade transactions, and sell items with a discount in the market.
In other words, the malware pickpockets the user's Steam wallet and depletes his/her inventory. The items that end up in the market sell for anywhere from a 12 percent to 35 percent discount, depending on the item. When the cash rolls in, the hacker behind the malware uses the funds to buy nicer items, which are then traded to a different account.
It's a clever piece of malware, especially since it accomplishes its dastardly deed by running on the victim's machine. In doing so, it's able to sidestep Steam's security checks, which require verification when logging in or trading from a new PC.