Introduction
The gaming world was rocked this week after a shocking scam surfaced on the Steam platform. A published and seemingly verified game was exposed as a malicious tool designed to intercept and reroute donations meant for a cancer-afflicted Twitch streamer. This egregious act not only targeted a vulnerable individual but also exploited Steam’s trust-based ecosystem, raising serious concerns about platform security.
The Game Behind the Scam
The fraudulent title, “Deadly Time”, was released on Steam and caught the attention of the gaming community primarily due to a viral campaign promoting it as a passion project by a small, indie developer. What lay beneath, however, was far more sinister.
Once downloaded, the game executed code that compromised the victim’s computer. More specifically, it hijacked browser sessions and redirected donations intended to support cancer treatment toward the attacker’s own digital wallet.
How the Scam Worked
This wasn’t just a simple phishing attack or donation spoof. The attackers employed a complex and cruel strategy:
- Donation Interception: The game silently monitored browser activity and tampered with URLs associated with payment platforms like PayPal and Ko-fi.
- Web Session Hijacking: Malicious scripts were injected to gain control over web sessions, effectively rerouting financial support without arousing immediate suspicion.
- Targeted Exploitation: The victim, a popular Twitch streamer publicly battling cancer, was chosen specifically due to the high volume of sympathy-driven financial contributions.
Steam’s Security Under the Microscope
While Valve (the parent company of Steam) has systems in place to review games before launch, this incident calls attention to serious vulnerabilities in the curation process. “Deadly Time” had passed all automated checks and was published as a verified title, allowing it to reach unsuspecting users through legitimate channels.
In response, Steam has now removed the game and is reportedly investigating other titles submitted by the same developer. However, the concerns raised by this incident go well beyond a single bad actor.
The Bigger Picture
This scam brings up larger issues within the gaming and streaming ecosystem:
- Trust abuse in digital marketplaces, where verification badges give users a false sense of security.
- Inadequate vetting of new releases on platforms like Steam, which can be manipulated by malicious developers.
- Targeted cyber attacks on vulnerable community members, including those publicly disclosing personal health struggles.
Community Response and Support
After the scam was made public, the streaming and gaming communities poured in support for the victim. A new fundraising campaign has emerged, now being managed through more secure channels to ensure donor trust. Several prominent streamers and influencers have also begun raising awareness around digital safety and donation fraud.
Valve has not yet released a public apology but confirmed that it is reviewing its game verification protocols and developer vetting process. Meanwhile, cybersecurity experts are urging gamers and streamers alike to remain vigilant and use multi-factor authentication and donation-fraud monitoring tools where possible.
Final Thoughts
The “Deadly Time” scam on Steam is a brutal reminder that even trusted digital environments can harbor bad actors. It also highlights how real-world struggles — like a cancer diagnosis — can be cruelly leveraged for personal gain by cybercriminals.
As the gaming community demands transparency and tighter security standards from platforms like Steam, users must also remain aware and cautious. Verifying donation links, using secure browsers, and keeping antivirus software up to date are small but essential steps to avoid falling victim to similar attacks.
This isn’t just about one streamer. It’s a wake-up call for all of us in the digital age.