Call Of Duty Players Caught In Crosshairs Of A Self-Replicating Malware Campaign
In recent days and weeks, Call of Duty has seen an uptick in population since the online servers were fixed up, allowing players to return to their old haunts and have some fun. However, with this uptick in activity, cheaters and hackers are looking to ruin the fun and nostalgia for CoD players. As it turns out, they may be after even more with the ability to drop malware onto unsuspecting players who jump into hacked lobbies.
Just a few days ago, a thread for Call of Duty: Modern Warfare 2 (2009) popped up in the Steam community, alerting players about needing antivirus before playing. Purportedly, hackers have found a way to replace dsound.dll in hacked lobbies with supposed malware that gets flagged as “Trojan:Win32 Wacatac.B!ml.”
Members of the information security community have begun to dive into this malware just as we have, finding several interesting tidbits of information. First and foremost, this file has many rather questionable strings, including direct references to this malware being a worm. Furthermore, it indicates that the hacker refers to themselves as “shiny.” This name can seemingly be tied back to earlier malware samples that did not have obfuscated code.
X users @bquintero and @entdark_ noted that with older samples, there is a download of dsound.dll from shinyware[dot]systems and similar worm references. It is also believed that players were selected to be spreaders of the worm with a random number generator. Furthermore, the malware would try and prevent other RCE attempts and potentially even block them.
With this situation ongoing, the multiplayer servers for Call of Duty: Modern Warfare 2 were brought offline to investigate. At this time, though, there have been no updates from the Call of Duty team. Hopefully, whatever vulnerability that is allowing this worm to work will be nipped in the bud soon. As for players who have been playing COD: MW2 (2009), installing or updating your antivirus solution is recommended to help protect yourself, just in case.