Twitch Botnets-for-Hire Inflate Video Views

Twitch botnet malware-for-hire has surfaced, letting scammers fraudulently earn money through gaming streams.

An investigation from Symantec has exposed attackers who have been compromising users’ computers to add them to botnets, which are rented out to artificially inflate Twitch channel audience numbers.

Twitch, which allows members to live-stream their gameplay for popular online games like DayZ, Minecraft and such, is big business: it has 100 million annual unique viewers, 1.5 million broadcasters and claims 16 billion monthly minutes streamed.

As Symantec researcher Lionel Payet explained in a blog, that kind of popularity allows some broadcasters to earn money while streaming their videos, provided that they have a large enough audience. If they have more than 500 viewers, they can incorporate ads, offer subscriptions in exchange for additional content and set up donation pages.

“While many broadcasters have managed to legitimately earn their viewers, others have attempted to artificially inflate their viewership figures by renting a botnet,” Payet said.

Symantec found several Twitch botnet services for sale, both on underground forums and on the open web, and many of them offered a single application that could generate a huge number of fake Twitch channel viewers. One botnet service said that it could force each enslaved computer to open five streams on broadcasters’ Twitch channels, hidden and muted so that the computer’s owner is unaware that anything is amiss.

Another service offers “chatters,” which are bots that post messages in the chat section on broadcasters’ Twitch streams. Prices range from $29.99 for 100 viewers and 40 chatters to $159 for 1,000 viewers and 400 chatters.

While some botnets may include computers where the user has agreed to take part in the scam, “some of these botnets were created by infecting victims’ computers with malware,” noted Payet.

The malware, dubbed Inflabot, appears to disguise itself as a fake Chrome or Adobe software update and has mainly infected computers in Russia, the US, UK, and Ukraine.

As Twitch has solidified itself as one of the most popular sites on the web, it is increasingly the target of criminals. Earlier in the week, it said that it was investigating a data breach. But there are other concerns too.

“Artificial audience inflation isn’t the only way that this emerging sector could be targeted,” said Payet. “Our previous research has shown how attackers hired distributed denial-of-service attacks to take competing gamers offline. This could also be used to target game stream broadcasters to disrupt their channels.”

Other existing malware could also be tailored to target this business and top broadcasters.

“For example, attackers could target well-known broadcasters with banking or information-stealing threats,” he added. “They could also use popular Twitch channels’ chat services to spread malware to the broadcasters’ fans.”
