The BBC reports that users of the popular video streaming website Twitch.tv are being attacked on the site, and that the attacks can lead to the buying, selling or trading of their virtual items on the gaming platform Steam.
Attacks are carried out via links that get posted in chat on the site, according to F-Secure, which was the first to report on it. The messages invite users to participate in weekly raffles for a chance to win virtual items for the game Counter-Strike: Global Offensive, the most recent version of the popular Steam game.
Users who click on those links load a Java program which asks them for information. While it is unclear whether that information is processed at all, it is clear that the program drops malicious software on the user's system, which allows the attacker to perform a series of commands including adding new friends on Steam, buying items with the user's money, sending trade offers, selling items on the market and accepting trade transactions.
Virtual items can be bought, sold and traded on Steam, with some items being sold for thousands of dollars. While the average amount is lower than that, most games have rare items that are offered for one hundred dollars or even more.
These types of attacks, and Twitch is just an example of one attack on one site, can be addressed in several ways:
If a user cannot distinguish between a legitimate link and a malicious one (click on this link and a Nigerian prince will send you $10 million US Dollars for safe keeping), then this is without doubt the biggest problem.
While companies can improve security on their end, there will always be ways for attackers to exploit the naivety of Internet users.
Raffles, quizzes, surveys, phishing emails and other lures have been used by attackers for a long time, and nothing seems to have changed in that time. Users still fall prey to those scams even though magazines and sites report on them all the time.
System and program security has improved as well in that time but that does not seem to keep users safe on its own. While it may help somewhat, attackers are ingenious enough to find new attack forms or variations of existing ones to exploit.
The only thing that will help in the long run is user education. This does not have to be in the form of an hour-long session either, as there are only a few rules that users need to follow to improve their security on the Internet significantly:
Now You: Have something to add? Feel free to share it with all of us in the comment section below.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.