A new phishing scheme on Twitch which prompts users to enter a phony raffle is actually malware that will drain their Steam wallet. Dubbed “Eskimo” the “bot” is said to look normal as Twitch uses bots as part of their normal function. Eskimo generates a link the users are asked to click on to enter a raffle for weapons and collectibles on the game Counter Strike: Global Offensive.
“This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry,” says F-Secure. “It even dumps your items for a discount in the Steam Community Market. Previous variants were selling items with a 12 percent discount, but a recent sample showed that they changed it to 35 percent discount. Perhaps to be able to sell the items faster.” F-Secure says Eskimo, once it has access to a Steam account, will take screenshots, add new friends on Steam, accept friend requests, trade with new friends, buy items with Steam funds, send trade offers and accept trades. After all of a user’s funds have been used to buy collectibles, the malware will trade all of the victim’s digital items to their new “friends.” The fence then sells the ill-gotten goods at deep discounts.
This is certainly going to affect many users of the service and spreading the word is probably one of the best ways to make other players and users aware. Be sure to alert your fellow players by sending them our article or the source article. Have you been duped by Eskimo? Let us know in the comments below or on Google+, Facebook and Twitter.