Scammers are using fake Twitch sites to deliver malware
It's little surprise that the site, which has tens of millions of users and was just acquired by Amazon for nearly $1 billion, has garnered the attention of serious scammers.
In one case, malware gets delivered from a phony site that mimics Twitch's design, TwitchTV.net (the real site's address is "Twitch.tv"). For newcomers and those less familiar with the tactics of online scams, the fake site could pose a serious danger, as it immediately prompts visitors to download software.
Those files, not surprisingly, are not good. Though the programs come with names that sound innocent enough—“Desktop Temperature Monitor”, “SuperPC Tools”, and “Cinema Plus Shopping”—Malwarebytes identified two of the files as PUPs (potentially unwanted programs). These included PUP.Optional.DomaIQ, a malicious piece of software that often targets browsers and can change a number of settings, constantly redirect your page, deliver intense levels of pop-up ads, and open several tabs at once.
PUPs are becoming a serious issue in online security. They often come in a package with a "legit" application, Marta Janus, a security researcher at Kaspersky Labs, told the Daily Dot in an email. And the files "contain a license agreement that might inform [the] user of actions that such a program are going to perform, in order to ‘justify’ any suspicious/malicious behaviour, at least from the legal point of view.
"This is an easy way to exploit the fact that almost no one pays attention and reads the license agreement carefully."
PUP is a pretty broad phrase, describing a wide array of applications that can be harmless but still annoying, like the unwanted toolbars that have been the scourge of Internet Explorer users for years. However, they can also be spyware tools that collect data and send it back to servers.
"They might also include remote administration or password recovery tools, which pose a serious privacy and security risk, when installed without user’s full awareness and used remotely by cybercriminals," Janus says.
This isn’t the first time Malwarebytes has found PUPs delivered through Twitch, or a guise of Twitch. Scammers have been spreading PUPs to users through something called Twitch bombing or Twitch raiding, where a user—or in this case a bot—raids another person’s stream to direct viewers to another, less-viewed stream. This practice is explicitly forbidden by the streaming company.
Actual humans hoping to Twitch bomb better watch out as well. In early October, Malwarebytes discovered a number of PUP files hosted on different sites that ape Twitch’s name and design, including one called TwitchBomber.pw. There, users were prompted to download Twitch bombing programs that were actually pieces of malicious software.
Illustration by Jason Reed