cross-posted from: https://programming.dev/post/37902936
- Forensic report compiled by the research collective behind the takedown of Block Blasters— Credit: 1989 on X/Twitter.
- G DATA Report.
For anybody wondering what is going on with $CANCER live stream… my life was saved for whole 24 hours untill someone tuned in my stream and got me to download verified game on Steam
After this I was drained for over 32,000$ USD of my creator fees earned on pumpdotfun and everything quickly changed. I can’t breathe, I can’t think, im completely lost on what is going to happen next, can’t shake the feeling that it is my fault that I might end up on street again or not have anything to eat in few days… my heart wants to jump out of my mouth and it hurts.
I won’t rewatch this myself but I have added a clip from the stream after I noticed what has happened.
also I have succesfully (CTOed) my creator rewards and they have been redirected to safe device.
Source: rastaland.TV on X/Twitter— Private front-end.
More context:
Yesterday a video game streamer named rastalandTV inadvertently livestreamed themselves being a victim of a cryptodraining campaign.
This particular spearphishing campaign is extraordinarily heinous because RastaLand is suffering from Stage-4 Sarcoma and is actively seeking donations for their cancer treatment. They lost $30,000 of the money which was designated for their cancer treatment. In the steam clip their friend tries to console them while they cry out, “I am broken now.”
They were contacted by an unknown person who requested they play their video game demo (downloadable from Steam). In exchange for RastaLand playing their video game demo on stream, they would financially compensate them.
Unfortunately, the Steam game was actually a cryptodrainer masquerading as a legitimate video game.
Source: vx-underground on X/Twitter— Private front-end.
Source: ZachXBT on X/Twitter— Private front-end.
Comments
Steam could easily gave automation the installs and runs games in a sandbox. Then watches what they do. The things it needed to do to steal the crypto should be vastly different than what a game should be allowed to do.
Malware creation and detection are billion dollar industries playing an eternal cat and mouse game with each other. These programs don’t just instantly try to steal every file the second they run.
I am decently versed in the game of cat and mouse. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
There are so many ways malware could get through that. What if it waits for a specific date or a certain amount of progress in the game? This automated sandbox probably wouldn’t be smart enough to beat the game, certainly not with as many games as they have.
I chose not to spell out the full test. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
Have you seen the malware? It would have passed that test.
It had a password protected zip file in an update that hid the payload. That is pretty damn basic and would not have gotten past any retail antivirus program’s heuristic detection.
Chances are that Valve is treated as a ‘trusted publisher’ by Microsoft Defender and thus it bypassed the scan. The malware even payload explicitly checks that no retail antivirus was installed, and that Microsoft Defender was active, prior to attempting to extract and run its payload.
(See comments about for explicit details regarding the malware)
Password protected zip file is also a way to deliver content an indie dev might use to lock content, so that on its own is not enough, but also the “payload” was connecting to a remote server, which is not indication of bad behavior, lots of games connect to remote servers and receive commands from there, e.g. event X starts now, or something. Except in this case it allowed a reverse shell.
Citation please for any indie dev using passworded zip files to lock game content. That would be a pretty dumb approach given all retail security suites / antiviruses will flag a password-protected archive as suspect by default (because they’re so commonly used in the past to distribute malware).
Clearly it passed thier test. But it was not undetectable.
This isn’t foolproof. A lot of malware these days is resistant to analysis because they can detect that they’re running in a sandbox and refuse to run the malicioua code.
I chose not to spell out the full test. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.
It isn’t easy as you say.
If they could let us run games in a sandbox/virtualised area that would be amazing though. That’s a very big ask though.
I do know that xbox consoles run games in their own hyper-v vm which gives extra protections to us from most malicious code.
Obviously this would be hard for Steam to implement, but it would be a very nice measure.
I didn’t say it was easy. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.