For anybody wondering what is going on with $CANCER live stream… my life was saved for whole 24 hours untill someone tuned in my stream and got me to download verified game on
Steam
After this I was drained for over 32,000$ USD of my creator fees earned on pumpdotfun and everything quickly changed.
I can’t breathe, I can’t think, im completely lost on what is going to happen next, can’t shake the feeling that it is my fault that I might end up on street again or not have anything to eat in few days… my heart wants to jump out of my mouth and it hurts.
I won’t rewatch this myself but I have added a clip from the stream after I noticed what has happened.
also I have succesfully (CTOed) my creator rewards and they have been redirected to safe device.
Yesterday a video game streamer named rastalandTV inadvertently livestreamed themselves being a victim of a cryptodraining campaign.
This particular spearphishing campaign is extraordinarily heinous because RastaLand is suffering from Stage-4 Sarcoma and is actively seeking donations for their cancer treatment. They lost $30,000 of the money which was designated for their cancer treatment. In the steam clip their friend tries to console them while they cry out, “I am broken now.”
They were contacted by an unknown person who requested they play their video game demo (downloadable from Steam). In exchange for RastaLand playing their video game demo on stream, they would financially compensate them.
Unfortunately, the Steam game was actually a cryptodrainer masquerading as a legitimate video game.
It’s not sarcastic. That’s exactly how most of these platforms work behind the scenes. They run automated, dynamic and static analysis against all the app code looking for potentially harmful signatures.
Pretty sure Steam already does that. And no automated (or even manual) analysis is going to be 100% foolproof, or we wouldn’t be worrying about supply chain attacks in Linux. So that puts us back at square one.
Yeah that’s literally what I said. Seems like the previous guy didn’t understand that. I don’t know why anyone would downvote me for just explaining how it works.
I think because in the context of the discussion, you’re (probably unintentionally?) making it sound like Steam is at fault for not catching the malware.
I mean that’s explicitly what the document above says. They call it a colossal failure of valve to allow such incredibly brazen and malware to exist on their store. If you read the forensic analysis, the writers definitely are very much blaming valve for the breach.
I mean it’s a pretty technical deep dive and they actually managed to uncover the bad guys and are willing to work with law enforcement to help see Justice done. Not exactly sure how you think they are dumb.
You can be smart on some stuff and dumb in others. Their dumb take was on somehow deciding valve was responsible without providing any sort of logical reasoning.
That’s not analyzing the code. Also almost assuredly steam does that. Finally that wouldn’t catch this since it was a back door, as long as the attacker didn’t use it it would not be detected by any automated means.
That’s called cloaking and you are right that it’s not easy to find which is why you have to trip the payload with varied approaches. Reverse engineers generally are tipped off by suspicious code artifacts then start diving in. I guess the lesson here is that people really overestimated steam’s capabilities at keeping out bad stuff and you should definitely never install any game that you’re not familiar with.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.
Rules
1. Submissions have to be related to games
Video games, tabletop, or otherwise. Posts not related to games will be deleted.
This community is focused on games, of all kinds. Any news item or discussion should be related to gaming in some way.
2. No bigotry or harassment, be civil
No bigotry, hardline stance. Try not to get too heated when entering into a discussion or debate.
We are here to talk and discuss about one of our passions, not fight or be exposed to hate. Posts or responses that are hateful will be deleted to keep the atmosphere good. If repeatedly violated, not only will the comment be deleted but a ban will be handed out as well. We judge each case individually.
3. No excessive self-promotion
Try to keep it to 10% self-promotion / 90% other stuff in your post history.
This is to prevent people from posting for the sole purpose of promoting their own website or social media account.
4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
This community is mostly for discussion and news. Remember to search for the thing you’re submitting before posting to see if it’s already been posted.
We want to keep the quality of posts high. Therefore, memes, funny videos, low-effort posts and reposts are not allowed. We prohibit giveaways because we cannot be sure that the person holding the giveaway will actually do what they promise.
5. Mark Spoilers and NSFW
Make sure to mark your stuff or it may be removed.
No one wants to be spoiled. Therefore, always mark spoilers. Similarly mark NSFW, in case anyone is browsing in a public space or at work.
6. No linking to piracy
Don’t share it here, there are other places to find it. Discussion of piracy is fine.
We don’t want us moderators or the admins of lemmy.world to get in trouble for linking to piracy. Therefore, any link to piracy will be removed. Discussion of it is of course allowed.
It’s not sarcastic. That’s exactly how most of these platforms work behind the scenes. They run automated, dynamic and static analysis against all the app code looking for potentially harmful signatures.
Pretty sure Steam already does that. And no automated (or even manual) analysis is going to be 100% foolproof, or we wouldn’t be worrying about supply chain attacks in Linux. So that puts us back at square one.
Yeah that’s literally what I said. Seems like the previous guy didn’t understand that. I don’t know why anyone would downvote me for just explaining how it works.
I think because in the context of the discussion, you’re (probably unintentionally?) making it sound like Steam is at fault for not catching the malware.
I mean that’s explicitly what the document above says. They call it a colossal failure of valve to allow such incredibly brazen and malware to exist on their store. If you read the forensic analysis, the writers definitely are very much blaming valve for the breach.
Yes, and a lot of people disagree with them, because they’re dumb.
I mean it’s a pretty technical deep dive and they actually managed to uncover the bad guys and are willing to work with law enforcement to help see Justice done. Not exactly sure how you think they are dumb.
You can be smart on some stuff and dumb in others. Their dumb take was on somehow deciding valve was responsible without providing any sort of logical reasoning.
That’s not analyzing the code. Also almost assuredly steam does that. Finally that wouldn’t catch this since it was a back door, as long as the attacker didn’t use it it would not be detected by any automated means.
That’s called cloaking and you are right that it’s not easy to find which is why you have to trip the payload with varied approaches. Reverse engineers generally are tipped off by suspicious code artifacts then start diving in. I guess the lesson here is that people really overestimated steam’s capabilities at keeping out bad stuff and you should definitely never install any game that you’re not familiar with.