Reports surfaced this week that Amazon’s Twitch.TV gaming site had been hit by a malware attack that targeted chat forums to access user’s machines. Hackers were found to be sending phishing messages across the site’s chat forums, which lured users with offers of raffle prizes, then drops a malicious Windows binary file on anyone who replies with their name and email address.
The news presents an interesting twist on traditional phishing scams and provides yet another platform for hackers to target sensitive information. The obvious attraction for criminals are the large numbers of users on chat forums and the fact that the platforms offer a haven for phishing scams.
With chat forums becoming increasingly popular in the corporate environment this is a trend that businesses should be monitoring closely and reacting quickly to adjust data loss prevention strategies to maintain security. With employees turning to chat forums to share best practice and problem shoot they need to be aware that they don’t know the identity, or credentials, of the people they are interacting with.
Hackers targeting chat forums will rely upon users trusting they are there to legitimately share information and assist one another to increase the chances of them opening links and files that contain malware. The attack on Twitch is a warning shot to organisations and has given them advanced warning of this latest tactic of the cyber-criminal.