Games

Activision Reveals Malware Disguised as 'Call of Duty: Warzone' Cheats

Security researchers at the gaming company published a report that details a hacking campaign that used malware hidden inside a cheat for the popular online game.
Screen Shot 2021-03-31 at 12
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

Hackers hid malware inside a cheat for Call of Duty: Warzone, according to new research published by the game's publisher Activision.

Security researchers at the gaming company published an in depth report about the malware on Wednesday, revealing the clever malware campaign. Activision security researchers found that a Warzone cheat advertised on popular cheating forums was actually malware that let hackers take control of the victims' computers. The cheat installed a "dropper," a type of malicious application that can be used to download and install other types of malware on the victim's computer. 

Advertisement

"The dropper examined in this report, 'Cod Dropper v0.1,' can be customized to install other, more destructive, malware onto the targets’ machines," the report reads.  

A person familiar with the recent malware campaign targeting gamers said that one of the goals of the malware was to use gamers' powerful GPU's to mine cryptocurrency.

There is a sprawling industry of developers, sellers, re-sellers, and users of cheats for popular online games. These cheats are used by thousands of gamers, some of whom get routinely banned by gaming companies who employ anti-cheat systems and researchers. 

Screen Shot 2021-03-31 at 9.15.18 AM.png

The Vigilante Hunting Down Cheaters in Video Games

Many popular cheats require users to disable anti-virus programs and give the cheating software the highest security privileges on the cheater's computer in order to remain undetected by anti-cheating software. This is a golden opportunity for malware, like the kind revealed in Activision's report. With those security features disabled, cheaters might not see the red flags that warn them that the application they downloaded is actually malware. 

"When it comes down to it, the dependencies for a 'genuine' cheat to work are the same as those needed by most malware tools to successfully execute. System protections need to be bypassed or disabled, and privileges need to be escalated to allow the program to run correctly and/or establish persistence," the Activision researchers wrote in the report. "While this method is rather simplistic, it is ultimately a social engineering technique that leverages the willingness of its target (players that want to cheat) to voluntarily lower their security protections and ignore warnings about running potentially malicious software."

Advertisement

Do you reverse engineer and develop cheats for games? Or do you work on anti-cheat engines? We’d love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, lorenzofb on Wickr, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com

The developers of the malware advertised it on hacking forums as an "effective method" and as “some nice bait for your first malware project.” The hackers even published videos on YouTube that show a tutorial on how to use the malware, as well as videos promoting the malware as an "undetected cheat for COD WARZONE."

Targeting Warzone gamers makes sense as it's a free game played by millions of people. There are also thousands of cheaters, who routinely get banned. In February, Activision banned more than 60,000 cheaters, and in September the company banned around 20,000 cheaters

Screen Shot 2021-03-31 at 9.10.16 AM.png

This is not the first time hackers try to take advantage of the demand for cheats to hack computers. On Wednesday, cybersecurity company Cisco Talos published a report on another malware hidden inside a cheat application. The researchers did not specify what game this malware was targeting. 

Subscribe to our cybersecurity podcast, CYBER.