Hackers spread malware via Call of Duty
Worm malware was discovered in the lobbies of Call of Duty: Modern Warefare 2
Add bookmarkMalicious actors are using the player lobbies of Call of Duty: Modern Warfare 2 to spread self-replicating malware.
Players were alerted to the malware spread on July 26 via a post on gaming platform Steam. A user of the site made a post warning Call of Duty: Modern Warfare 2 players that hackers were “attack[ing] using hacked lobbies”. They suggested that players run antivirus software before playing.
Self-replicating malware, also known as worms, is a type of malicious program that is deployed with the aim of spreading it to more devices. Unlike other forms of malware, worms do not need a human or host program to run, which means it executes its programming itself once downloaded onto a device, allowing it to spread independently.
By itself, a worm can impact devices in a number of ways, including taking up disk space and even deleting files in order to make more copies of itself. If the worm is equipped with a payload, this can allow the malicious actors to inflict even more damage.
In the same forum thread as the warning about the malware, one play analyzed the worm and found that it seemed to have been specifically coded for Call of Duty: Modern Warfare 2. Other players speculated as to the worm’s purpose, noting that its dynamic-link library (DLL), “seems to check for custom lobbies and prevent you from joining/hosting one”. Users also noted that the worm itself functioned via remote code execution (RCE), yet also prevented any RCE from being executed on its host.
The official Call of Duty Updates X (formerly Twitter) account posted about the malware, saying the game had been taken offline while the game’s producer Activision “investigate[s] reports of an issue”.