Eskimo malware exploits Amazon's Twitch user accounts

Twitch, Amazon's (NASDAQ:AMZN) new $1 billion acquisition geared toward giving the company a way into the user-generated video content market, has been on the receiving end of a slew of recent malware attacks, and they're not designed to steal credit card information.

Security firm F-Secure was recently alerted to the malware attacks, which target Twitch users through the platform's chat feature, when a concerned user reported that automated bots, or users without human operators, were advertising raffles to dupe players into clicking a link that would transmit the malware through a Windows binary file. The raffle incentive? Rare in-game items for titles such as "Counter-Strike: Global Offensive."

These rare items and in-game currency are highly valued by players and translate into real-world profitability for those selling off the digital commodities for actual money. Players can store those items on Steam, an online gaming platform and community where users have a wallet, armory and inventory. Steam can also link to Twitch accounts, and the malware exploits the community framework and sells off user products for a quick, cheap profit, then makes a clean break.

The scheme works something like this: The link provided by the Twitch bot leads users to a Java program requesting a name and email address. Once provided, users are relayed to an on-screen notification that says, "Congratulations, you have joined this week's raffle. We will contact you by email if you win!"

However, the email address and name don't actually go anywhere, and once the link is clicked, the malware, known as Eskimo, essentially hijacks the user's account and uses an algorithm to pillage in-game goods. The algorithm takes a screenshot; adds new friends in Steam; accepts pending friend requests in Steam; initiates trading with new friends in Steam; buys items if the user has money; sends a trade offer; accepts pending trade transactions; and sells items at a discount in the market.

Imagine if someone anonymously controlled your brain and had you sell off your house, your clothes, and your furniture, and then made you give them all of your valuables and money, including what you made on the sales you didn't want to conduct, before releasing you to your newfound destitution. That's essentially what this program does to gamers, and though it's "just a game," the ensuing profits for the culprit behind the malware and the loss for the user are very real.

In January, The Washington Post reported that Amazon's cloud computing service was a "hornet's nest," holding some of the most prolific malware distributors on the Internet, meaning Twitch's little infestation may not do much to alleviate the security stigma attaching itself to the Amazon empire.

Of the 10 most notorious malware sites, four are hosted on Amazon Web Services, including the top dog, DownloadInstantly[dot]com. The report, issued by IT security service provider Solutionary, came a week after Amazon's cloud program was found to be hosting a platform for a botnet that pilfered personal information from what could be millions of LinkedIn subscribers.

Amazon is hardly the only one suffering malware infiltrations. More than 1,000 U.S. businesses such as Target (NYSE:TGT) and Supervalu (NYSE:SVU) have been hit by a blight of "Backoff" malware affecting POS systems. The U.S. Secret Service and Department of Homeland Security have issued a warning that the Backoff POS malware may have infected more systems than previously believed.

For more:
- See this Washington Post article
- See this F-Secure report