The video gaming industry is a popular target for various threat actors. Players, as well as studios and publishers themselves, are at risk for both opportunistic and targeted cyber-attacks – tactics range from leveraging fake APKs of popular mobile games to compromising accounts for resale. Even APT (Advanced Persistent Threat) actors have been known to target the video gaming industry.
A hacking tool is promoted for use against gamers by masquerading as a cheat for Call of Duty: Warzone. This particular tool is considered a dropper, a piece of malware that is used to install or deliver an additional payload, such as credential-stealing malware, on a target system or device.
A dropper is a means to an end, rather than the end itself – but still is a critical link in the chain.
“The dropper examined in this report, “Cod Dropper v0.1”, can be customized to install other, more destructive, malware onto the targets’ machines,” Activision’s new report says.
What the Cheat was doing to Users’ Computers?
In March of 2020, a threat actor posted on multiple hacking forums advertising a free, “newbie friendly”, and “effective” method, for spreading a remote access trojan (RAT) – malware that primarily does what it implies, provides remote access for a threat actor to the target it is delivered to.
While there likely are hundreds of guides covering RAT distribution methods this one relies not on sophisticated tactics but on the victim’s willingness to disable several security settings on their systems. The actor’s suggested method for convincing the victims to disable their protections is made significantly easier by advertising their RAT as a video game cheat.
It is common practice when configuring a cheat program to run it with the highest system privileges. Guides for cheats will typically ask users to disable or uninstall antivirus software and host firewalls, disable kernel code signing, etc.
The actor also included the file needed to set up the fake cheat. Since the method was posted the thread has gained over 10,000 views and 260 replies.
Players who used the said hack were then targeted on their computer to have their data taken against their permission.
Fake Call Of Duty Cheats Advertisements
The fake cheat shown below was posted on a popular cheating site in April 2020 and advertised as a “new cod hack.” It should be noted, however, that many illicit sites do a fair job of policing their listings to ensure only “genuine” cheat tools are advertised, requiring an increased burden on the actor to rework their advertisements to better fly under the radar.
This has not discouraged these threat actors, as the same fake cheat was posted on the forum again recently on March 1, 2021.
Another YouTube video also advertised the cheat as an “undetected” cheat for COD Warzone 2020. The YouTube video gave more detailed setup instructions and feature descriptions than the initial forum post.
The description included instructions to run the program as an administrator and to disable antivirus. In likely a further attempt to scam people, the description also offered a private version of the cheat for a $10.00 BTC payment.
The report says that it looks like a genuine cheat, but in fact, is malware that destroys your computer and data.
“When it comes down to it, the dependencies for a “genuine” cheat to work are the same as those needed by most malware tools to successfully execute. System protections need to be bypassed or disabled, and privileges need to be escalated to allow the program to run correctly and/or establish persistence”.
“While this method is rather simplistic, it is ultimately a social engineering technique that leverages the willingness of its target (players that want to cheat) to voluntarily lower their security protections and ignore warnings about running potentially malicious software”.