Twitch Security Breached, Mandatory Password Reset
Today I want to touch on two things:
- Change your password on Twitch.tv and best security practices
- Re-link your Twitter and YouTube accounts.
Raiding or bombing is a tactic that started as a way to redirect viewers of a channel to a different one, in order to increase popularity. This type of action is not condoned by Twitch, but the raider has to be reported.
Most of the time such actions are carried out through a bot and end up decreasing the number of viewers of the raided streamer.
Researchers from Malwarebytes took a look at the two samples discovered to pose as bots and found one of them to be a Trojan, while the other integrates a potentially unwanted program (PUP).
The sample, detected as Trojan.Crypt, is known to change the start page of browsers running on the compromised system.
According to the company, the malware comes with other capabilities, too, which include collecting data about the computer. It harvests Windows Product ID, MachineGuid, DigitalProductID, and SystemBiosDate. One possible reason is to fingerprint sandboxes or test machines.
Malwarebytes researcher Jovi Umawing says that the malware injects code into processes and also drops non-threatening component files in the Windows system folder.
She said that some protection measures have been integrated in the analyzed version of the malware, which does not allow the Process Explorer and Task Manager utilities to start; this way, users’ attempts to terminate the activity of the threat are futile.
The second sample (Twitch.TV View Bot) found by the researchers delivers more than just the bot: before the actual installation routine, a screen requires the user to hit the “Accept” button.
Umawing says that the scammers behind it are part of a pay-per-install (PPI) affiliate network, getting paid for every user that puts the application on their system.
At the moment, 29 out of 55 antivirus engines on Google’s VirusTotal service detect the file as suspicious or as adware.
Initially, raiding another streamer’s chat window would be done to direct the viewers to a different channel, but there are cases where such tools are offered for hire on hacker forums for the purpose of flooding chat windows with spam.
One such service allows hiring for just a short period of time as well as getting lifetime access to it. It is administered straight from the web browser where the target’s name has to be entered along with the unsolicited message. The attack can be initiated or stopped at the operator’s discretion.