F-Secure announced that a new piece of malware is making the rounds that is designed to clear out your Steam wallet and steal your user inventory. The malware is spread via spam bots on the live streaming platform Twitch. These chat bots bombard accounts with messages that invite users to enter a weekly raffle for a chance to win in-game items like a bayonet for Counter-Strike: Global Offensive.
Users gullible enough to click on the link are directed to a Java program which asks for the participant's name, e-mail and permission to publish the winner's name. In reality, it doesn't store these details anywhere but drops a Windows binary file and executes it.
The malware is able to wipe your Steam wallet, armory, and inventory dry. In fact, it even dumps your items for a discount in the Steam Community Market to sell them asap. All this is done from the victim's machine, because Steam's security checks prevent logging in or trading from a new machine.
After this message, the malware proceeds to drop a Windows binary file and execute it to perform these commands:
Add new friends in Steam
Accept pending friend requests in Steam
Initiate trading with new friends in Steam
Buy items, if user has money
Send a trade offer
Accept pending trade transactions
Sell items with a discount in the market
This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry. It even dumps your items for a discount in the Steam Community Market.
Previous variants were selling items with a 12% discount, but a recent sample showed that they changed it to a 35% discount, perhaps to be able to sell the items faster.
Being able to sell uninteresting items will allow the attacker to gather enough money to buy items that he deems interesting. The interesting items are then traded to an account possibly maintained by the attacker.