cross-posted from: https://programming.dev/post/37902936
- Forensic report compiled by the research collective behind the takedown of Block Blasters— Credit: 1989 on X/Twitter.
- G DATA Report.
For anybody wondering what is going on with $CANCER live stream… my life was saved for whole 24 hours untill someone tuned in my stream and got me to download verified game on Steam
After this I was drained for over 32,000$ USD of my creator fees earned on pumpdotfun and everything quickly changed. I can’t breathe, I can’t think, im completely lost on what is going to happen next, can’t shake the feeling that it is my fault that I might end up on street again or not have anything to eat in few days… my heart wants to jump out of my mouth and it hurts.
I won’t rewatch this myself but I have added a clip from the stream after I noticed what has happened.
also I have succesfully (CTOed) my creator rewards and they have been redirected to safe device.
Source: rastaland.TV on X/Twitter— Private front-end.
More context:
Yesterday a video game streamer named rastalandTV inadvertently livestreamed themselves being a victim of a cryptodraining campaign.
This particular spearphishing campaign is extraordinarily heinous because RastaLand is suffering from Stage-4 Sarcoma and is actively seeking donations for their cancer treatment. They lost $30,000 of the money which was designated for their cancer treatment. In the steam clip their friend tries to console them while they cry out, “I am broken now.”
They were contacted by an unknown person who requested they play their video game demo (downloadable from Steam). In exchange for RastaLand playing their video game demo on stream, they would financially compensate them.
Unfortunately, the Steam game was actually a cryptodrainer masquerading as a legitimate video game.
Source: vx-underground on X/Twitter— Private front-end.
Source: ZachXBT on X/Twitter— Private front-end.
Comments
This headline feels like a trap. Yes, Valve is the arbiter of what passes through the Steam store. Part of that involves checking for malware which, while their record isn’t flawless, they’ve let very little of it through given the sheer volume of games published to Steam every year. The consequences were terrible here, and I hope that can be rectified somehow. But the implication of this is that Valve makes this sort of error all the time through their “incompetence”, which they don’t, and the point of phrasing it this way seems to be to call anyone stating otherwise some kind of defender of a multibillion dollar company. It seems like a far better use of everyone’s time to be mad at the scammer here. Supporting and profiting from child gambling via Counter-Strike is a much better reason to be mad at Valve than the mistakes or other gaps in their vetting process that will be slightly tighter as a result of this mishap.
Well since Steam provide absolutely zero details about their scanning process (or even if it exists), seems like conversely people are making a lot of really complementary assumptions about Steam, no?
This is certainly not the first malware distributed by Steam - this is in fact the fourth publicly-known instance just this year.
Seems like they need to step up their game if you ask me.
Almost 14 thousand games released this year on steam. You could say malware is 100x more likely than the 4 publicly known instances you mention and that’s still not even 3% of games released. Steam is responsible but I don’t know how you expect them to get that down 0% besides manually reviewing game code line by line, which would probably destroy the platform. Don’t let perfection be the enemy of good
Good it is not when the recommendation from security experts and reporters is to avoid any Steam games with low numbers of installs / reviews and betas from small companies. That’s where we’re at now.
https://www.bleepingcomputer.com/news/security/verified-steam-game-steals-streamers-cancer-treatment-donations/
Nobody reviews game code, as game code is not supplied, only binaries with their relevant resources. There are many security providers that would be able to provide better service that whatever Valve is doing - but who knows, because they keep tight-lipped about it every time there’s an issue, and just patiently await their defenders to hand-wave any concerns.
Lmao well I don’t know what you want. If you want your PC to be secure, don’t use the Internet. You can’t expect every piece of software you come across to be perfectly vetted. In an ideal world sure everything would be foss and peer reviewed but that sure as hell ain’t the world we live in.
Reporting from outside sources has covered what Steam’s vetting process is. They check to see if the game runs, if it has the features that the publishers/developers claim it has on the side bar, and they check for malware. Often times this is outsourced, but the buck does stop with Valve. The thing with any security measure though is that anything can be circumvented, and preventing the same vector of attack in the future is an arms race. And another way to read what you said about how many instances of malware there are is that it affects 0.02% of games released this year so far, and they’re not the games that customers are most likely to buy in the first place like your Borderlands or Battlefields.
Jerboa developers, may I kindly ask for an option to disable automatic video preview?
Don’t get me wrong, it’s a nice feature and all, but fuck it eats at my limited cellular data usage and eats my battery…
Edit: That was meant to be a top level comment, my bad. Leaving it though.
Looks like they just added it in the new release. We should get you to ask for world peace next time, but this is pretty good too.
Oh, new update?!
Awesome, thanks for letting me know, hope the option is there… 👍