
Criminals have been hiding malware inside publicly available software that purports to be a cheat for Activision’s Call of Duty: Warzone,
Activision said that a popular cheating site was circulating a fake cheat for Call of Duty: Warzone that contained a dropper, a term for a type of backdoor that installs specific pieces of malware chosen by the person who created it. Named Warzone Cheat Engine, the cheat was available on the site in April 2020 and again last month.
The cheat instructed users to run the program as an administrator and to disable antivirus. While these settings are often required for a cheat to work, they also make it easier for malware to survive reboots and to go undetected, since users won’t be warned of the infection or that the software is seeking heightened privileges.
“While this method is rather simplistic, it is ultimately a social engineering technique that leverages the willingness of its target to voluntarily lower their security protections and ignore warnings about running potentially malicious software,”
Warzone Cheat Engine variants that installed a host of malware, including a cryptojacker, which uses the resources of an infected gaming computer to surreptitiously mine cryptocurrency.
Activision’s analysis said that multiple malware forums have regularly advertised a kit that customizes the fake cheat. The kit makes it easy to create versions of Warzone Cheat Engine that deliver malicious payloads chosen by the criminal using it.
Activision’s report came on the same day that Cisco’s Talos security team disclosed a new malware campaign targeting gamers who use cheats. The malicious cheats used a previously unknown cryptor tool that prevented antivirus programs from detecting the payload. Talos didn’t identify the game titles that were targeted.