Cybercriminals are a crafty bunch and are constantly dreaming up new ways to infect or compromise targets.
Activision has detailed an infection method being used by ne’er-do-wells to punish cheaters in Call of Duty: Warzone. Cheating in games such as Warzone is almost as big as Warzone’s install size and this presents an opportunity for cybercriminals.
The firm reports that in March 2020 it noted multiple hacking forums advertising a simple way to spread a remote access trojan (RAT). The method relied on something called a dropper. A dropper is a piece of malware that allows an additional piece of malware to be installed on a target machine.
“The actor’s suggested method for convincing the victims to disable their protections is made significantly easier by advertising their RAT as a video game cheat. It is common practice when configuring a cheat program to run it with the highest system privileges. Guides for cheats will typically ask users to disable or uninstall antivirus software and host firewalls, disable kernel code signing, etc,” wrote Activision.
While we don’t condone or support cybercrime, we have to step back and admire the beautiful simplicity of this attack vector.
A month after discovering the dropper, Activision spotted a fake cheat posted to a cheating website. Thankfully, there is seemingly honour among cheaters, and cheating websites vet the products advertised on them. The fake cheat was removed, but there have been several returns to using a dropper as a fake cheat, particularly for Call of Duty: Warzone.
So brazen are the creators of these malware cheats that you can find a tutorial and a link to download the dropper on YouTube.
You can find Activision’s full analysis of fake cheats here in PDF format.
If the numerous stories about cheats hiding malware haven’t been enough to deter you from cheating so far, it’s worth reconsidering your actions now. While you might not be afraid of a ban, you might not enjoy having a keylogger installed on your PC without your knowledge.
Cheaters really never do prosper, especially with cybercriminals looking to make a quick buck.