- Activision's research team has reported a dropper that disguises itself as a cheat for Call of Duty: Warzone.
- Once installed, the dropper installs a remote access trojan on the target system.
- It relies on the victim's willingness to override the system's security settings.
The gaming community has often been the hunting ground for malicious threats online. A recent example is malware being spread through a publicly available software package for the players of Call of Duty: Warzone. Mind you, the software is banned by the game.
That is because the software appears to be a cheat for the game. The research division of Activision, developer of the widely popular game, identified the threat in a recent blog post. The threat: the software package is not a cheat at all but a malware dropper.
The company explains that droppers are pieces of malware used to "install or deliver an additional payload." In its new report, it identifies a "Cod Dropper v0.1" that can be customized to install "other, more destructive malware" onto the targets' machines. The damage can range from stealing data such as the victim's credentials to giving the threat actor remote access to the device.
Although a dropper itself doesn't harm the target system, it is an essential link in the malicious chain. Activision's security research team found that the dropper, in this case, had been spreading a remote access trojan (RAT), which in turn gave a threat actor remote access to the target.
In its report, Activision states that the cheat emerged on multiple hacking forums in March 2020. It was advertised as a free, "newbie [beginner] friendly", and "effective" method for spreading the RAT.
The trojan is not sophisticated, though, meaning it cannot easily make its way past the security systems on a device. Activision says that it relies on the "victim's willingness" to disable several of these security settings on their own systems. The guides to using the cheats ask users to disable or uninstall antivirus software, firewalls and other such security settings in place.
Disguising the trojan as a game cheat therefore makes it much easier for the threat actor to spread it online. Anyone who has ever installed a game cheat or a modification knows how much tampering with system settings is involved. Many of them have the same result.
So making the trojan popular in the hacking community wasn't a challenge for its maker. A thread on a hacking forum explained the trojan and how it works step by step. On the thread, the actor included the file needed to set up the fake cheat and even shared advice on how to use it. The thread has gained over 10,000 views since it was posted.
Activision notes that the instructions allow even new and inexperienced threat actors to use the trojan against unsuspecting gamers looking for a cheat online. Since its first appearance online, it has been spotted being advertised on multiple online forums and in YouTube videos.
In one such advertisement, the software package promises to offer the COD gamers an aimbot, instant kill on one hit, a new crosshair, infinite ammo, extra speed and jump and the ability to look through walls. The package was available for $10 in bitcoin, and judging from the comments on the YouTube video, people downloaded and tried to run it.
It is easy to see how gamers looking for a quick shot at online glory can fall for such malicious tricks. Activision has shared a list of associated droppers that have been detected by its team, making it evident that the threat is not limited.
Bottom line - play by the rules.