cross-posted from: https://programming.dev/post/37902936

For anybody wondering what is going on with $CANCER live stream… my life was saved for whole 24 hours untill someone tuned in my stream and got me to download verified game on Steam

After this I was drained for over 32,000$ USD of my creator fees earned on pumpdotfun and everything quickly changed. I can’t breathe, I can’t think, im completely lost on what is going to happen next, can’t shake the feeling that it is my fault that I might end up on street again or not have anything to eat in few days… my heart wants to jump out of my mouth and it hurts.

I won’t rewatch this myself but I have added a clip from the stream after I noticed what has happened.

also I have succesfully (CTOed) my creator rewards and they have been redirected to safe device.

Source: rastaland.TV on X/TwitterPrivate front-end.

More context:

Yesterday a video game streamer named rastalandTV inadvertently livestreamed themselves being a victim of a cryptodraining campaign.

This particular spearphishing campaign is extraordinarily heinous because RastaLand is suffering from Stage-4 Sarcoma and is actively seeking donations for their cancer treatment. They lost $30,000 of the money which was designated for their cancer treatment. In the steam clip their friend tries to console them while they cry out, “I am broken now.”

They were contacted by an unknown person who requested they play their video game demo (downloadable from Steam). In exchange for RastaLand playing their video game demo on stream, they would financially compensate them.

Unfortunately, the Steam game was actually a cryptodrainer masquerading as a legitimate video game.

Video.

Source: vx-underground on X/TwitterPrivate front-end.

Source: ZachXBT on X/TwitterPrivate front-end.

Rastaland GoFundMe.

Comments
  • I Cast Fist@programming.devEnglish
    25·
    12 hours ago

    The game in question, Block Blasters, which was free to play, has been removed from Steam, although it seems owners can still try to install it, but antivirus programs may block those attempts.

    The GData linked in the post shows that the game was released in July 31 and that the malware update came in August 30, adding a .bat and 2 .zip files within the Engine/Binaries/ThirdParty/Ogg directory. The zip files were password protected, which blocked scanning.

    The batch script checks first if the system is running only Windows Defender and does not have any of the listed AV products from AV_PROCESSES as a running process; if these criteria are met, the batch script unpacks the contents of the archive “v1.zip” (…) The script “1.bat” adds the destination folder of the executables found inside the “v3.zip” archive to the exemption list for Microsoft Defender Antivirus. [emphasis mine]

    So, yeah, it’s pretty clear how easily it went undetected by Steam, Windows Defender or any other antivirus program - malware inside a password protected zip. I suspect making something similar on Android wouldn’t be much harder, as an app or game that needs access to your internal storage isn’t “too weird”, like something that asks for some music to play in a stage.

    • pulsewidth@lemmy.worldEnglish
      18·
      11 hours ago

      A password-protected zip file should have been flagged by Steam as suspect before they approved the update, its a very old and very common method for detection bypass.