Malware, Threat Management

Botnet services attract scammers on Twitch seeking quick viewer boost

Researchers at Symantec have observed a number of botnet services that take advantage of Twitch, a popular streaming video platform that has attracted an estimated 1.5 million “broadcasters” who use the service.

Lionel Payet, a security response manager at Symantec, explained in a Friday blog post that, since Twitch broadcasters with a large enough following are encouraged to become a Twitch Partner (which allows broadcasters to earn money through viewers who subscribe to their channels or through ads), scams that offer a “shortcut” are beginning to creep up online.

“During our research, we found several Twitch botnet services that were for sale both on underground forums and on the open web,” Payet wrote. “These services allow people to rent bots over a period of time to boost their Twitch channel viewership stats. The offerings are marketed as being easy for customers to set up. We also found that many services offered a single application that could generate a huge number of fake Twitch channel viewers.”

Payet, who detailed some of the services, added that one of the offerings [IMAGE] entailed monthly subscriptions with varying prices depending on the number of live viewers, “chatters,” and followers users desired.

“This shows yet again how botnet rental services are maintaining a more ‘professional' appearance to attract customers,” he wrote.

Although some of the scams were carried out, in part, by paying participants, Symantec observed one Twitch botnet in the wild, consisting of computers that were infected with malware called “Trojan.Inflabot.” The payload for Inflabot redirects users to outside websites (in this case, designated Twitch channels) and, to deliver the malware, scammers disguised the threat as a Chrome or Adobe software update. The top three countries impacted by Inflabot are Russia (39 percent), the U.S. (17 percent) and UK (12 percent), Symantec found.

In his post, Payet said that users on Twitch could eventually be impacted by different botnet services that have targeted other platforms, like gaming networks.

“Our previous research has shown how attackers hired distributed denial-of-service attacks to take competing gamers offline. This could also be used to target game stream broadcasters to disrupt their channels,” he said. “Other existing malware could be tailored to target this business and top broadcasters. For example, attackers could target well-known broadcasters with banking or information-stealing threats. They could also use popular Twitch channels' chat services to spread malware to the broadcasters' fans.”

In Friday email correspondence with, Payet said that “malware by nature [is] crafted to fly under the radar,” so consumers should be mindful of what they download and keep their security software and system up-to-date.

“Twitch broadcasters can keep an eye out for doggy links sent in the Twitch chat box which can be seen by his/her followers,” he added. “If it looks suspicious, the broadcaster can report the user to Twitch. Broadcasters can also block unwanted or suspicious followers and chats messages using moderation tools,” Payet advised. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.