cross-posted from: https://programming.dev/post/37902936

For anybody wondering what is going on with $CANCER live stream… my life was saved for a whole 24 hours until someone tuned in to my stream and got me to download a verified game on Steam

After this I was drained of over $32,000 USD of my creator fees earned on pumpdotfun and everything quickly changed. I can’t breathe, I can’t think, I’m completely lost on what is going to happen next, can’t shake the feeling that it is my fault that I might end up on the street again or not have anything to eat in a few days… my heart wants to jump out of my mouth and it hurts.

I won’t rewatch this myself but I have added a clip from the stream after I noticed what has happened.

Also I have successfully (CTOed) my creator rewards and they have been redirected to a safe device.

Source: rastaland.TV on X/Twitter. Private front-end.

More context:

Yesterday a video game streamer named rastalandTV inadvertently livestreamed themselves being a victim of a cryptodraining campaign.

This particular spearphishing campaign is extraordinarily heinous because RastaLand is suffering from Stage-4 Sarcoma and is actively seeking donations for their cancer treatment. They lost $30,000 of the money which was designated for their cancer treatment. In the stream clip their friend tries to console them while they cry out, “I am broken now.”

They were contacted by an unknown person who requested they play their video game demo (downloadable from Steam). In exchange for RastaLand playing their video game demo on stream, they would financially compensate them.

Unfortunately, the Steam game was actually a cryptodrainer masquerading as a legitimate video game.

Video.

Source: vx-underground on X/Twitter. Private front-end.

Source: ZachXBT on X/Twitter. Private front-end.

Rastaland GoFundMe.

Comments
  • lazynooblet@lazysoci.al (+20/-8) · 1 month ago

    If it’s true that the malicious game has been available for a month then steam has some blame.

      • kbobabob@lemmy.dbzer0.com (+24/-2) · 1 month ago

        Obviously, Steam is supposed to vet the source code of every game thoroughly before it ever gets put up for sale.

          • KuroiKaze@lemmy.world (+2/-19) · 1 month ago

            It’s not sarcastic. That’s exactly how most of these platforms work behind the scenes. They run automated, dynamic and static analysis against all the app code looking for potentially harmful signatures.

            • AwesomeLowlander@sh.itjust.works (+15/-3) · 1 month ago

              Pretty sure Steam already does that. And no automated (or even manual) analysis is going to be 100% foolproof, or we wouldn’t be worrying about supply chain attacks in Linux. So that puts us back at square one.

              • KuroiKaze@lemmy.world (+4/-1) · 1 month ago

                Yeah that’s literally what I said. Seems like the previous guy didn’t understand that. I don’t know why anyone would downvote me for just explaining how it works.

                • AwesomeLowlander@sh.itjust.works (+6/-3) · 1 month ago

                  I think because in the context of the discussion, you’re (probably unintentionally?) making it sound like Steam is at fault for not catching the malware.

                  • KuroiKaze@lemmy.world (+4/-1) · 1 month ago

                    I mean that’s explicitly what the document above says. They call it a colossal failure of Valve to allow such incredibly brazen malware to exist on their store. If you read the forensic analysis, the writers definitely are very much blaming Valve for the breach.

            • Nibodhika@lemmy.world (+5/-1) · 1 month ago

              That’s not analyzing the code. Also almost assuredly steam does that. Finally that wouldn’t catch this since it was a back door, as long as the attacker didn’t use it it would not be detected by any automated means.

              • KuroiKaze@lemmy.world (+1) · 1 month ago

                That’s called cloaking and you are right that it’s not easy to find which is why you have to trip the payload with varied approaches. Reverse engineers generally are tipped off by suspicious code artifacts then start diving in. I guess the lesson here is that people really overestimated steam’s capabilities at keeping out bad stuff and you should definitely never install any game that you’re not familiar with.

        • pulsewidth@lemmy.world (+1/-2) · 1 month ago

          Dumb take. There are many ways to scan software without needing access to the source code.

          Do you think retail antivirus providers approach every developer of every program version to request a copy of their source code for review before they can verify it’s safe?

      • Modern_medicine_isnt@lemmy.world (+5/-13) · 1 month ago

        Steam could easily have automation that installs and runs games in a sandbox, then watches what they do. The things it needed to do to steal the crypto should be vastly different than what a game should be allowed to do.

        • dafta@lemmy.blahaj.zone (+17) · 1 month ago

          This isn’t foolproof. A lot of malware these days is resistant to analysis because they can detect that they’re running in a sandbox and refuse to run the malicious code.

          • Modern_medicine_isnt@lemmy.world (+1/-1) · 1 month ago

            I chose not to spell out the full test. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.

        • Die4Ever@retrolemmy.com (+14) · 1 month ago

          There are so many ways malware could get through that. What if it waits for a specific date or a certain amount of progress in the game? This automated sandbox probably wouldn’t be smart enough to beat the game, certainly not with as many games as they have.

          • Modern_medicine_isnt@lemmy.world (+2/-2) · 1 month ago

            I chose not to spell out the full test. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.

        • dogs0n@sh.itjust.works (+6) · 1 month ago

          It isn’t easy as you say.

          If they could let us run games in a sandbox/virtualised area that would be amazing though. That’s a very big ask though.

          I do know that xbox consoles run games in their own hyper-v vm which gives extra protections to us from most malicious code.

          Obviously this would be hard for Steam to implement, but it would be a very nice measure.

          • Modern_medicine_isnt@lemmy.world (+1/-1) · 1 month ago

            I didn’t say it was easy. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.

            • dogs0n@sh.itjust.works (+2) · 1 month ago

              I believe you said it was easy in the first sentence of the comment I replied to, though maybe I am reading it wrong and you are speaking on something else.

              Nevertheless, they surely have the money to make some type of sandboxed environment for us to run games in, but I can also see why they haven’t since they have so many other things in the works right now and I believe they famously don’t have that many employees (they could hire more, but that could ruin their workflow, etc, not sure). Still, I would like to see this somewhere in the future so I can be a bit more carefree when running less known games.

              Maybe this is something that operating systems need to do for us though, I don’t know. Xbox can do it because Windows/HyperV allow it to, but they are created by the same company so the lines are blurred a bit. Not to mention use cases for PC gaming are much wider in scope, so the sandbox environment would have a lot more things to consider (probably).

              Anyways I still think this would be sorta far fetched, but I can dream it will soon exist.

              Not sure how I feel about making software distributors liable for the malware (it would make any smaller stores go out of business straight away for sure).

              Edit: this became long, sorry; I forgive you if you don’t read it.

              • Modern_medicine_isnt@lemmy.world (+1) · 29 days ago

                You are right I did say easy. In my head I meant that valve pay for it and such, not that it was technically easy. But what I typed didn’t line up.

                And as far as sandboxing, I wasn’t really thinking VM sandboxing, I was thinking they could literally take a whole PC, run the game and see what it does. I assume they could probably do that in a less labor intensive way like run it in the cloud and watch for the process to try to detect that as well. All in all I was thinking more testing env, and not end user changes. Cause yeah, end user support for isolating processes should be on the OS.

                But in general, they should do a better job vetting publishers and ensuring those publishers can be held accountable. That is hard to do without blocking out the smaller publishers, but I have faith that if they put a few minds to it, they could figure it out. Probably could contract out the planning part to some experts so they wouldn’t have to perm hire a lot. Might even be able to contract out the vetting so they could pass the liability on.

                A crazy thought just hit me. Something like fdic insurance. Won’t happen with this admin in the US, but if the gov setup the vetting guidelines, they could insure the vetters for damages if they followed the guidelines. That would spur vetters into existence that valve and others could then contract. Pipe dream I am sure.

        • ryathal@sh.itjust.works (+5) · 1 month ago

          Malware creation and detection are billion dollar industries playing an eternal cat and mouse game with each other. These programs don’t just instantly try to steal every file the second they run.

          • Modern_medicine_isnt@lemmy.world (+2/-1) · 1 month ago

            I am decently versed in the game of cat and mouse. The fact is, valve could do it. It is just somewhat expensive. Make a law that game distributors are liable for losses if they distribute malware and you would see how well they could do it.

          • pulsewidth@lemmy.world (+3) · edited · 1 month ago

            It had a password protected zip file in an update that hid the payload. That is pretty damn basic and would not have gotten past any retail antivirus program’s heuristic detection.

            Chances are that Valve is treated as a ‘trusted publisher’ by Microsoft Defender and thus it bypassed the scan. The malware payload even explicitly checks that no retail antivirus was installed, and that Microsoft Defender was active, prior to attempting to extract and run its payload.

            (See comments above from other users for explicit details regarding the malware)

            • Nibodhika@lemmy.world (+1) · 1 month ago

              Password protected zip file is also a way to deliver content an indie dev might use to lock content, so that on its own is not enough, but also the “payload” was connecting to a remote server, which is not indication of bad behavior, lots of games connect to remote servers and receive commands from there, e.g. event X starts now, or something. Except in this case it allowed a reverse shell.

              • pulsewidth@lemmy.world (+3) · 1 month ago

                Citation please for any indie dev using passworded zip files to lock game content. That would be a pretty dumb approach given all retail security suites / antiviruses will flag a password-protected archive as suspect by default (because they’re so commonly used in the past to distribute malware).

                  • pulsewidth@lemmy.world (+1) · 1 month ago

                    Thanks for the effort digging. This does not actually point out any game doing it in particular though, and it’s actually a perfect example of a working antivirus picking up a suspect file (a password protected archive) in a game’s install tree.

                    This is from Aug 2024 and could even be from one of the games that distributed malware. It’s absolutely something that Steam should be blocking/flagging for manual review, and a huge red flag that any developer would use this as a tool for distributing their game content.
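The two comments above describe the kind of artefact a reviewer of an install tree would want surfaced: an archive with password-protected entries, possibly under an innocuous name. The script below is an added example, not code from the thread or from any store or antivirus vendor, showing how such a check can be done without the password. It walks a directory, treats any file whose trailer carries a zip end-of-central-directory signature as an archive regardless of extension, and reports entries whose general-purpose flag has bit 0 (encryption) set; both legacy ZipCrypto and WinZip-style AES set that bit. The sample tree it builds (file names, contents) is constructed for the demo, and because the standard library cannot write encrypted zips, the "encrypted" sample is produced by setting the flag bit in an ordinary archive's headers.

```python
"""Added example: report zip archives with password-protected entries
anywhere under a directory (e.g. a game's install folder)."""
import io
import os
import struct
import tempfile
import zipfile

ENCRYPTED_FLAG = 0x0001  # bit 0 of the ZIP general-purpose bit flag


def encrypted_entries(path):
    """Names of encrypted entries in one archive; [] if none or not a zip.
    The extension is ignored: is_zipfile() looks for the archive's own
    end-of-central-directory signature, so a renamed 'update.bin' is still
    inspected. Only headers are read, so no password is needed."""
    if not zipfile.is_zipfile(path):
        return []
    try:
        with zipfile.ZipFile(path) as zf:
            return [info.filename for info in zf.infolist()
                    if info.flag_bits & ENCRYPTED_FLAG]
    except (zipfile.BadZipFile, OSError):
        return []


def find_encrypted_archives(root):
    """Scan a tree; return sorted (path relative to root, [entry names])."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            names = encrypted_entries(full)
            if names:
                findings.append((os.path.relpath(full, root), names))
    return sorted(findings)


# --- constructed sample data (hypothetical names, not from any real game) ---

def _build_zip(member, payload, encrypted):
    """Build a small STORED zip in memory. For the 'encrypted' sample, set
    bit 0 of the flag field in the local file header (offset 6 from the
    header start) and in the central-directory entry (offset 8 from its
    start); the detector only reads those headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, payload)
    data = bytearray(buf.getvalue())
    if encrypted:
        # EOCD record is the last 22 bytes (no comment written); the
        # central-directory offset is the 4-byte field at EOCD offset 16.
        cd_offset = struct.unpack("<I", data[-6:-2])[0]
        for pos in (6, cd_offset + 8):
            flags = struct.unpack("<H", data[pos:pos + 2])[0]
            data[pos:pos + 2] = struct.pack("<H", flags | ENCRYPTED_FLAG)
    return bytes(data)


def make_sample_tree():
    """Temp 'install tree': one clean archive, one renamed archive with a
    password-flagged entry, one non-archive. Returns the root path."""
    root = tempfile.mkdtemp(prefix="install_tree_")
    os.makedirs(os.path.join(root, "content"))
    with open(os.path.join(root, "content", "levels.zip"), "wb") as f:
        f.write(_build_zip("level1.dat", b"clean level data", encrypted=False))
    with open(os.path.join(root, "content", "update.bin"), "wb") as f:
        f.write(_build_zip("hidden.bin", b"opaque bytes", encrypted=True))
    with open(os.path.join(root, "game.exe"), "wb") as f:
        f.write(b"not an archive at all")
    return root


if __name__ == "__main__":
    sample_root = make_sample_tree()
    for rel, names in find_encrypted_archives(sample_root):
        print(f"{rel}: password-protected entries {names}")
```

A hit is a review trigger, not a verdict: as the thread notes, an encrypted archive is not proof of malice on its own, but it is cheap to flag and worth a manual look in any submission pipeline.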