Malware drains Steam wallet and user inventory

Posted on Monday, September 15 2014 @ 14:36 CEST by Thomas De Maesschalck
F-Secure announced a new piece of malware is making the rounds that is designed to clear out your Steam wallet and steal your user inventory. The malware is spread via spam bots on live streaming platform Twitch, these chat bots bombard accounts with messages that invite users to enter a weekle raffle for a chance to win in-game items like a bayonet for Counter-Strike: Global Offensive.

Users gullible enough to click on the link are directed to a Java program which asks for the participant's name, e-mail and permission to publish the winner's name. In reality, it doesn't store these details anywhere but drops a Windows binary file and executes this.

The malware is able to wipe your Steam wallet, armory, and inventory dry. In fact, it even dumps your items for a discount in the Steam Community Market to sell them asap. All this is done from the victim's machine, because Steam's security checks prevent logging in or trading from a new machine.
After this message, the malware proceeds to dropping a Windows binary file and executing it to perform these commands:

  • Take screenshots
  • Add new friends in Steam
  • Accept pending friend requests in Steam
  • Initiate trading with new friends in Steam
  • Buy items, if user has money
  • Send a trade offer
  • Accept pending trade transactions
  • Sell items with a discount in the market

    This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry. It even dumps your items for a discount in the Steam Community Market.

    Previous variants were selling items with a 12% discount, but a recent sample showed that they changed it to 35% discount. Perhaps to be able to sell the items faster.

    Being able to sell uninteresting items will allow the attacker to gather enough money to buy items that he deems interesting. The interesting items are then traded to an account possibly maintained by the attacker.
  • Full details over here.

    Malware steals Steam money


    About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



    Loading Comments