Be careful when using Twitch to not click any suspicious links in the video-streaming platform's chat tab.
The official Twitch Support Twitter account has issued a new PSA on Friday, letting users know not to click the "csgoprize" links that pop-up in chat. According to F-secure, the mail, which supposedly invites users to participate in a weekly raffle to win Counter-Strike: Global Offensive items, a Java Program will ask for name and email. If you continue, the program will install a file on your computer, which is able to take money from Steam Waller, as well as trade or sell items from inventory.
Twitch Support has stated that it's currently working on blocking the link, but it highly likely other variants will appear, so users should be wary of any links that appear in the chat. It also suggests broadcasters to enable the "Block Hyperlink" feature in chat, under the Channels & Videos settings.
Twitch is the most popular live-streaming video-game service, in fact August Amazon announced a deal to purchase all Twitch shares for $970 million in cash, which makes it a viable target for such an attack. However it's bizzare the phishing scheme targets Steam. While it is possible some users are keeping a lot of cash in their Steam Wallets, it doesn't match credit-card or checking-account information. It's also a lot easier to track down whomever is behind the attack, so it doesn't seem like a very good target.
However, until Twitch finds a way to deal with the issue, or Steam manages to find the user behind the attack (multiple users report trading with an account called Youni), it's best you don't click any link on Twitch.