Announcement Twitch malware bots

Discussion in 'SteamRep General Discussion' started by SilentReaper(SR), Sep 13, 2014.

  1. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    see: http://www.f-secure.com/weblog/archives/00002742.html

    On Twitch there are bots active in the chats that spread malware and take control of Steam accounts on the users' computers, making transactions, trade offers, etc. Read the article linked above for the full monty.
    Last edited by a moderator: Sep 13, 2014
  2. So, is this like a phishing method?
  3. I THROW PISS

    I THROW PISS New User

    Messages:
    1
    Steam:
    STEAM_0:1:44458137
    A much more dangerous version. Once you fill out your details in the link, it drops a command to the computer that allows it to use anything on your account any way it wants - including money and the market. And it's all done from your account, so Steam won't suspect a thing.
  4. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    It's malware; that means some rogue program gets installed on one's computer that controls their Steam client.
    The only thing it has in common with phishing is that it's a link that the victim has to click. But with phishing it's a fake website, or a small program that steals their Steam config files; in this case it's malware that controls their Steam client.
  5. gukingofheart

    gukingofheart New User

    Messages:
    452
    Steam:
    STEAM_0:1:49222635
    What does this fake link look like? Is it a steamcommunity? Is it something completely random?
  6. gukingofheart

    gukingofheart New User

    Messages:
    452
    Steam:
    STEAM_0:1:49222635
  7. That actually looks like a fake phishing link, not the thing that Silent said.
  8. Also what are admins gonna do with this "Youni" guy? Are you going to ban/mark him as a hijacker? (Maybe a scammer)
  9. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    To the user it doesn't look much different, only that they actually push the user to run a Java applet that will run crap on their computer.
  10. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    No idea who that is; we've got more than enough reports floating around that we do not know them by names anymore. If you have specifics, you should always name them. Also, how is this related to this topic?
  11. I said it because they said that the victim's items were stolen by him with nothing in return. Youni, who was written in the link. If there was a link to his profile that would be good so we could track him.

  12. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    As they didn't link the account's ID, we have no idea which account it is. A search on the forums ONLY reveals this topic atm, so if they reported it, it was not by that nickname in the ID block.

    Also, those reports would not really fall into our policy, for it would have been a hijack, which we would not cover anymore for tagging.

    The Youni account would probably fall under that as well, for most often they just use hijacked accounts, never using their main account, which they often do not even have.
  13. Deiv

    Deiv New User

    Messages:
    6
    Steam:
    STEAM_0:1:36199972
  14. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
  15. Deiv

    Deiv New User

    Messages:
    6
    Steam:
    STEAM_0:1:36199972
    The free tool provided by this link is able to detect and remove all known variants of this threat: http://www.f-secure.com/en_GB/web/home_gb/online-scanner

    As of now it also looks like the malware authors took down their command and server. The IP 162.218.209.98 is not responding, at least right now. Infected clients should still be cleaned.
  16. [JCGG] Jomarcenter - MJM

    [JCGG] Jomarcenter - MJM New User

    Messages:
    20
    Steam:
    STEAM_0:0:44619298
    But could be returned. I suggest that you remove the malware or format your PC just to be safe.