The criminals were hide malware in publicly available software that claims to be a cheat for Activision Call of Duty: Warzoneresearchers at the game maker warned last week.
Cheaters are programs that alter game events or player interactions so that users gain an unfair advantage over their opponents. Software typically works by accessing computer memory during gameplay and changing health, ammo, score, lives, inventories, or other information. Cheats are almost always forbidden by game makers.
Wednesday, Activision said that a popular cheat site was disseminating a fake cheat for Call of Duty: Warzone that contained a dropper, a term for a type of backdoor that installs specific malware chosen by the person who created it. Named Warzone Cheat Engine, the cheat was available on the site in April 2020 and again last month.
People promoting cheating have asked users to run the program as administrator and turn off the antivirus. While these settings are often necessary for a cheat to work, they also make it easier. malware to survive reboots and not be detected because users will not receive a warning of the infection or the software checks for increased privileges.
“While this method is rather simplistic, it is ultimately a social engineering technique that takes advantage of the willingness of its target (players who want to cheat) to voluntarily lower their security protections and ‘ignore warnings about running potentially malicious software,’ Activision researchers wrote in a deep analyze. They have provided a long list of Warzone Cheat Engine variants that have installed a host of malware, including a cryptojacker, which uses the resources of an infected gaming computer to surreptitiously exploit cryptocurrency.
Activision’s analysis indicates that several malware forums have regularly announced a kit that personalizes the fake cheat. The kit makes it easy to create versions of Warzone Cheat Engine that deliver malicious payloads chosen by the criminal who uses it.
The vendors of the kit advertised it as an “efficient” way to spread malware and “a good bait for your first malware project.” The sellers have also posted YouTube videos that promote the kit and how to use it.
Activision’s report arrived on the same day as Cisco’s Talos security team disclosed a new malware campaign targeting players who use cheats. The malicious tricks used a previously unknown encryption tool that prevented anti-virus programs from detecting the payload. Talos did not identify the targeted game titles.
This story originally appeared on Ars Technica.
More WIRED stories
- 📩 The latest news in technology, science and more: Receive our newsletters!
- A boy, his brain and a decades-long medical controversy
- Why do you stay up late even when you know you shouldn’t
- After a distant year, technology the shadow workforce barely clings
- Bill Gates is optimistic about climate, capitalism and even politics
- How to stop misinformation before it’s shared
- 👁️ Explore AI like never before with our new database
- 🎮 WIRED Games: get the latest tips, advice and more
- 💻 Improve your working game with our Gear team favorite laptops, keyboards, input alternatives, and noise canceling headphones