For the first time since the release of Twitch, the gaming chat forum which was recently bought by Amazon, it has been reported that malicious software is being spread via the chat forums through scam links. The malware identified takes control of a user account, spending their money without any user authorisation.
The vulnerability gains automatic access to an account through a link claiming it enters you into a competition for new weapons in games, asking for your name and email address in order to enter you into the “prize draw”. By providing these details, it automatically gives the software a mountain of permissions, giving it full control of your Twitch and Steam account. This control not only authorises the adding, acceptance and invite of members and trade, but also provides full access to a user’s money via uploaded credits and connected bank cards, giving the potential to wipe a user of their money.
The vulnerability was discovered to originate from an automated account which was posting the fake competition URL across different channels, inviting viewers to participate. In order to combat this, Twitch is advising its 55million unique monthly viewers to not click on any links from unknown sources and promoting broadcasters to disable links in their chats to prevent malware from spreading.
It’s not just forums where malware is found, therefore it should be noted for everyone to take care across all social media, only clicking links to pages they know and protecting their details and hardware from malicious software that floats across the ever-increasing web.