Users gullible enough to click on the link are directed to a Java program which asks for the participant's name, e-mail address and permission to publish the winner's name. In reality, it doesn't store these details anywhere; it drops a Windows binary file and executes it.
The malware is able to wipe your Steam wallet, armory, and inventory dry. In fact, it even dumps your items for a discount in the Steam Community Market to sell them asap. All this is done from the victim's machine, because Steam's security checks prevent logging in or trading from a new machine.
After this message, the malware proceeds to drop a Windows binary file and execute it to perform these commands:
- Take screenshots
- Add new friends in Steam
- Accept pending friend requests in Steam
- Initiate trading with new friends in Steam
- Buy items, if user has money
- Send a trade offer
- Accept pending trade transactions
- Sell items with a discount in the market
This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry. It even dumps your items for a discount in the Steam Community Market.
Previous variants were selling items with a 12% discount, but a recent sample showed that they changed it to a 35% discount, perhaps to be able to sell the items faster.
Being able to sell uninteresting items will allow the attacker to gather enough money to buy items that he deems interesting. The interesting items are then traded to an account possibly maintained by the attacker.
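The behaviour described above (several market listings cut by one fixed percentage, plus a trade offer to a freshly added friend) can be turned into a simple account-activity heuristic. The following is an added example, not code from the original article or from Steam; the event types, field names, thresholds and sample sessions are assumptions constructed for illustration, with prices in cents.

```python
# Constructed sample sessions. Event types and field names are assumptions
# made for this example; they are not a real Steam log or API format.
SUSPECT = [
    {"t": 0,  "type": "friend_added",     "peer": "acct_x"},
    {"t": 30, "type": "market_listing",   "price": 65,   "ref": 100},
    {"t": 35, "type": "market_listing",   "price": 260,  "ref": 400},
    {"t": 41, "type": "market_listing",   "price": 1300, "ref": 2000},
    {"t": 90, "type": "trade_offer_sent", "peer": "acct_x"},
]
BENIGN = [
    {"t": 0,   "type": "market_listing",   "price": 98,  "ref": 100},
    {"t": 500, "type": "market_listing",   "price": 400, "ref": 400},
    {"t": 900, "type": "trade_offer_sent", "peer": "old_friend"},
]

def discount_pct(e):
    """Discount of a listing against its reference price, in percent."""
    return (e["ref"] - e["price"]) * 100 / e["ref"]

def score_session(events, min_pct=12, min_listings=3, spread=2, window=600):
    """Return the names of the heuristics that fire for one session."""
    findings = []
    # Heuristic 1: several listings all cut by the same fixed percentage
    # (the article reports 12% in older variants and 35% in a recent one).
    cuts = [discount_pct(e) for e in events if e["type"] == "market_listing"]
    deep = [c for c in cuts if c >= min_pct]
    if len(deep) >= min_listings and max(deep) - min(deep) <= spread:
        findings.append("uniform_discount_listings")
    # Heuristic 2: a trade offer sent to a friend added within `window` seconds.
    added = {e["peer"]: e["t"] for e in events if e["type"] == "friend_added"}
    for e in events:
        if e["type"] == "trade_offer_sent" and e["peer"] in added:
            if 0 <= e["t"] - added[e["peer"]] <= window:
                findings.append("trade_to_new_friend")
                break
    return findings

if __name__ == "__main__":
    print(score_session(SUSPECT))
    print(score_session(BENIGN))
```

Because the actions originate from the victim's own machine, a new-device check does not fire, which is why the example looks at the pattern of activity rather than its origin.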