cross-posted from: https://programming.dev/post/37902936
- Forensic report compiled by the research collective behind the takedown of Block Blasters— Credit: 1989 on X/Twitter.
- G DATA Report.
For anybody wondering what is going on with $CANCER live stream… my life was saved for whole 24 hours untill someone tuned in my stream and got me to download verified game on Steam
After this I was drained for over 32,000$ USD of my creator fees earned on pumpdotfun and everything quickly changed. I can’t breathe, I can’t think, im completely lost on what is going to happen next, can’t shake the feeling that it is my fault that I might end up on street again or not have anything to eat in few days… my heart wants to jump out of my mouth and it hurts.
I won’t rewatch this myself but I have added a clip from the stream after I noticed what has happened.
also I have succesfully (CTOed) my creator rewards and they have been redirected to safe device.
Source: rastaland.TV on X/Twitter— Private front-end.
More context:
Yesterday a video game streamer named rastalandTV inadvertently livestreamed themselves being a victim of a cryptodraining campaign.
This particular spearphishing campaign is extraordinarily heinous because RastaLand is suffering from Stage-4 Sarcoma and is actively seeking donations for their cancer treatment. They lost $30,000 of the money which was designated for their cancer treatment. In the steam clip their friend tries to console them while they cry out, “I am broken now.”
They were contacted by an unknown person who requested they play their video game demo (downloadable from Steam). In exchange for RastaLand playing their video game demo on stream, they would financially compensate them.
Unfortunately, the Steam game was actually a cryptodrainer masquerading as a legitimate video game.
Source: vx-underground on X/Twitter— Private front-end.
Source: ZachXBT on X/Twitter— Private front-end.
Comments
There are so many ways to bypass what you describe, in addition to it not working for games with kernel anti-cheat etc.
The real issue is all desktop OSes deciding everything should be allowed to access everything. Why is a game able to access your crypto wallet by default, without any permission required? Why can a fake pdf access browser cookies? This has been solved on phones for years.
And there are so many ways to detect the bypasses. It’s an arms race, and the most profitable games store of all time should really have a cutting edge system to deal with it is all I said.
Windows should have better security too, but the two thoughts can be held in the mind at the same time.
Well, I just disagree with you. IMO, they are a game distribution company, not a security company. I don’t see this as their job and I am not willing to pay more for games to have some far from perfect behavior scanning.
PS: That is not to say Steam should do nothing, just not behavior analysis, which is an unnecessarily difficult and expensive measure to implement and operate.
Who said you need to pay more for games? Steam already takes thirty percent of sales (for the vast majority of sales), they are a $10b+ game distribution company… They’re worth more than several leading security/antivirus companies combined.
I just don’t understand the mindset people get around Steam. They are a business that makes a fortune distributing games, run by a billionaire - they are not a little indie company struggling under the weight of their success.
And I don’t get the mindset of large company should do things for free. Valve is using the 30% to distribute games, provide backups for saves, run steam workshop, make games playable on Linux, creating the steam framework for games, and more. And of course keeps some of it as profit. Being a large company does not give you infinite resources. If they invest massive effort into some behavior analysis stuff, either they increase prices or cut something else they are doing.
All they’re expected to do is pay for upstream providers to scan their submissions (eg third party security providers), no need to hire new staff. This is the fourth instance publicized this year! They should communicate regarding issues like OPs - but like usual, it’s crickets.
If this is really just 4th instance this year, then it would be significantly cheaper to just reimburse the ~120k then to do what you are suggesting. Besides, a third party provider will hardly deliver a cutting edge scan for games.
Most importantly, whether they pay their own employees or a third party provider, the result is the same. Either prices go up or cost cutting happens elsewhere.