Botnet services attract scammers on Twitch seeking quick viewer boost

Symantec observed that the botnet services were being advertised on the underground, but also through public postings.
Symantec observed that the botnet services were being advertised on the underground, but also through public postings.

Researchers at Symantec have observed a number of botnet services that take advantage of Twitch, a popular streaming video platform that has attracted an estimated 1.5 million “broadcasters” who use the service.

Lionel Payet, a security response manager at Symantec, explained in a Friday blog post that, since Twitch broadcasters with a large enough following are encouraged to become a Twitch Partner (which allows broadcasters to earn money through viewers who subscribe to their channels or through ads), scams that offer a “shortcut” are beginning to creep up online.

“During our research, we found several Twitch botnet services that were for sale both on underground forums and on the open web,” Payet wrote. “These services allow people to rent bots over a period of time to boost their Twitch channel viewership stats. The offerings are marketed as being easy for customers to set up. We also found that many services offered a single application that could generate a huge number of fake Twitch channel viewers.”

Payet, who detailed some of the services, added that one of the offerings [IMAGE] entailed monthly subscriptions with varying prices depending on the number of live viewers, “chatters,” and followers users desired.

“This shows yet again how botnet rental services are maintaining a more ‘professional' appearance to attract customers,” he wrote.

Although some of the scams were carried out, in part, by paying participants, Symantec observed one Twitch botnet in the wild, consisting of computers that were infected with malware called “Trojan.Inflabot.” The payload for Inflabot redirects users to outside websites (in this case, designated Twitch channels) and, to deliver the malware, scammers disguised the threat as a Chrome or Adobe software update. The top three countries impacted by Inflabot are Russia (39 percent), the U.S. (17 percent) and UK (12 percent), Symantec found.

Page 1 of 2
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS