The malware spreads through messages posted to Twitch chat that try to entice users into entering a weekly raffle. Click on the link, and a Java program will open up a phony raffle entry form.
Once you fill out and submit the form (which, according to F-Secure, doesn't actually get sent anywhere), the malware goes to work. It installs and runs a Windows binary that can gain access to your Steam account and add friends, accept friend requests, trade items, and sell items in the market at a discount.
As a result, the malware can "wipe your Steam wallet, armory, and inventory dry," according to F-Secure, and sell your items at a discount on the Steam Community Market. The idea here is that the attacker can sell uninteresting items from your account, then buy themselves more interesting items. Shady.
Since this all happens on your system, it bypasses Steam's security measures to prevent others from logging into your account on another PC. F-Secure recommends that Steam add new security measures "for those trading several items to a newly added friend and for selling items in the market with a low price based on a certain threshold."
In the meantime, though, be careful what you click on, and don't enter raffles and giveaways from people or companies you don't know and trust.