cross-posted from: https://programming.dev/post/37902936
- Forensic report compiled by the research collective behind the takedown of Block Blasters— Credit: 1989 on X/Twitter.
- G DATA Report.
For anybody wondering what is going on with $CANCER live stream… my life was saved for whole 24 hours untill someone tuned in my stream and got me to download verified game on Steam
After this I was drained for over 32,000$ USD of my creator fees earned on pumpdotfun and everything quickly changed. I can’t breathe, I can’t think, im completely lost on what is going to happen next, can’t shake the feeling that it is my fault that I might end up on street again or not have anything to eat in few days… my heart wants to jump out of my mouth and it hurts.
I won’t rewatch this myself but I have added a clip from the stream after I noticed what has happened.
also I have succesfully (CTOed) my creator rewards and they have been redirected to safe device.
Source: rastaland.TV on X/Twitter— Private front-end.
More context:
Yesterday a video game streamer named rastalandTV inadvertently livestreamed themselves being a victim of a cryptodraining campaign.
This particular spearphishing campaign is extraordinarily heinous because RastaLand is suffering from Stage-4 Sarcoma and is actively seeking donations for their cancer treatment. They lost $30,000 of the money which was designated for their cancer treatment. In the steam clip their friend tries to console them while they cry out, “I am broken now.”
They were contacted by an unknown person who requested they play their video game demo (downloadable from Steam). In exchange for RastaLand playing their video game demo on stream, they would financially compensate them.
Unfortunately, the Steam game was actually a cryptodrainer masquerading as a legitimate video game.
Source: vx-underground on X/Twitter— Private front-end.
Source: ZachXBT on X/Twitter— Private front-end.
Comments
Unfortunately, it’s extraordinarily easy to hide malware in any application that is expected to have online components, because you can add the malicious, “staged” malware after install. Also, depending on what the code is doing, it may not even appear malicious to malware scanners.
Crypto-stealers often don’t even need to elevate privileges or access system components or create backdoors in order to operate, they’re just sending info out, so from a behavioral perspective they often don’t really “act” maliciously.
Sadly, this is less about Valve not preventing something, and more about someone falling for targeted phishing.
Edit: Looking through the tweets, the only references to it being malicious all appeared within the past day, and the claims of the dev being compromised within the last week, so I’d guess the game was updated with malicious components in the last couple days.
The thing is, Valve could go back to their old model where they review and approve 100% of new games on Steam. It would be significantly more expensive than it used to be for them, but they have more than enough money to staff a team for this process. They could do this, and they would still be plenty profitable. They just choose not to because they have no financial reason to do so, and they would rather keep that extra money as profit. Unfortunately, their choice to leave Steam as an unmoderated hell scape has had real consequences in the real world on real people.
This would be expensive, time consuming, and utterly useless.
Automated scans are going to be just as useful, if not more useful, than manual auditing. Not to mention, manual auditing is useless in 99% of cases unless you’re also submitting source code. And even then, if you offer any sort of streaming of assets, you can simply not turn on the exploit download until after the review process. That isn’t even mentioning the issues with uploading source code.
This simply isn’t an issue you can throw money or manpower at. Really, users need to be more educated, which is something valve can do.
They already scan all submitted games with malware scanners. Manual approval wouldn’t be any different, they weren’t doing binary analysis or source code review before. Their AV scanners back then would have given them the same result as their AV scanners now.
that’s fair! maybe I am overestimating, IDK. I just think that if such a process still existed, the approval process would be lengthy enough that people wouldn’t even bother with trying to sneak by malware submissions.
While this would be nice, it’s not that hard to design malware that hides itself in certain environments. It’s actually extremely common for more advanced malware to disable itself in sandboxes, for example.
For other reasons, that might be nice though. It at least enforces some level of quality and playability.
For the curious, stuxnet is a prime example of software altering behaviour under different environments https://en.m.wikipedia.org/wiki/Stuxnet
What people overlook is how Valve removing those barriers to listing directly brought about the indie revolution that’s happened.
Exactly, greenlight was good for the time but sucks compared to what we have now
Except that wouldn’t prevent a lot of scams like that, what if the game’s cryptodrainer only activates like 2h in