Having all of your PC games stored in the cloud and ready to stream at a moment's notice is convenient, but it was an awful lot harder to spread video-game malware back in the CD-ROM days. Gamers who use Twitch, a popular live-streaming service, are at risk of contracting a nasty program that can compromise their Steam libraries and cost them quite a bit of real money.
F-Secure, a Finnish online security company, blogged about the threat. A bot enters Twitch.TV chatrooms and starts spamming users with notifications about a weekly raffle to win expensive items for Counter-Strike: Global Offensive, an iconic competitive first-person shooter. Following the link leads to a Java app that asks for a user's name and email address — fairly innocuous stuff.
The app is not as benign as it seems. Although it claims to want only your email address, it quietly installs a program known as Eskimo on your computer that can take screenshots and manipulate your Steam account. The malware does not actually need your password, since chances are you're already logged into Steam on your personal machine. From there, it can add friends as well as buy, sell and trade virtual items.
What happens next is not terribly surprising: All of your valuable items get traded away, and all of your cheap ones get sold for easy money. Using that money, a hacker can buy more valuable items and trade them back to himself. At present, many of the items seem to be going to an account known as Youni, although the name changes frequently and there may be more than one hacker at work.
The good news is that the scam is extremely easy to avoid: Don't click on strange links in Twitch chat. A standard antivirus sweep will take care of the malware. If you've already lost your items, you may not have much recourse, but Valve customer service is always a good first stop.