A new method of delivering malware has been discovered within a subset of programs for use with the Twitch game streaming service, says anti-malware software provider Malwarebytes. The risk comes from the practice known as "Twitch bombing."
There are two kinds of Twitch bombing. The first is when a Twitch streamer personally delivers their audience, usually at the end of their broadcast, into the audience pool of another Twitch stream. Popular streamers will use Twitch bombing to benevolently grow a newer or a smaller streamer's viewer count.
But, as with most things on the internet, there is a darker kind of Twitch bombing. It's an automated way to, for various reasons, artificially inflate a stream's viewer count. This type of bombing is carried out by bots, pieces of software that automate the process of going out into other streams' chat rooms and coercing viewers to switch to another channel.
Using Twitch bombing software is technically against Twitch's terms of service, but that doesn't stop the practice from happening.
Malwaybytes has found instances of several pieces of malware that worm their way into computers that choose to install Twitch bombing software. Once on a host computer, the malware hides itself and prevents common operating system components from functioning as intended. They've also discovered instances of files posing as part of popular Twitch games like DayZ.
"We discourage Twitch users who are interested in using bots," wrote Malwarebytes. "Groups and/or individuals may take advantage of them. Twitch.tv is growing in popularity, and as expected, a platform with so much to offer can be misused and abused by anyone willing to make a buck."
The full blog entry will be published at Malwarebytes' website soon.
Polygon has reached out to Twitch for comment and will update this story as needed.
Update: Twitch support says that they have received no complaints related to malware as described by Malwarebytes.