Malware and cheating in PC games have had a chaotic relationship for years. Whether it’s scams aimed at stealing account data or malware built to make money, the spread of computer viruses has exploited the curiosity of users for years. If you’ve downloaded hacks before, there’s a good chance you had to be aware of this, or risk falling prey to these scams. But before we explain what happened here, let’s get a bit of background out of the way. First, droppers.
Droppers are memory-injection applications that can be used to get cheats and bots running. Because of the way they work, they often trip various anti-malware protections. In this case, you need to pay attention. According to a new Activision security report, Activision has been banning cheaters, to the tune of 30,000 accounts, that were caught hacking in Call of Duty Warzone. These bans also revealed that the game has been wracked with cheaters, and the problem isn’t getting better.
Droppers can also be used to distribute malware, by silently installing other software that does malicious things. A new strain of malware built on this technique makes it much more dangerous. CoD Dropper v0.1 is the thing you should be wary of in this case. This new dropper is actually a virus in disguise.
“It is common practice when configuring a cheat program to run it with the highest system privileges,” Activision reported. “Guides for cheats will typically ask users to disable or uninstall antivirus software and host firewalls, disable kernel code-signing, etc.”
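One way to audit a Windows host for exactly the weakened protections that quote describes, as an added example that is not from the article or the Activision report. It assumes an elevated PowerShell session on a machine with the built-in Defender and NetSecurity modules and bcdedit available.

```powershell
# Added example (not from the Activision report or the article): report the
# protections that cheat guides typically tell users to switch off.
# Requires an elevated session; cmdlets are from the built-in Defender and
# NetSecurity modules, the boot setting comes from bcdedit.
function Get-WeakenedProtections {
    $findings = @()

    # 1. Antivirus: is Defender real-time protection still on?
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.RealTimeProtectionEnabled) {
            $findings += 'Defender real-time protection is OFF'
        }
    } catch {
        $findings += 'Windows Defender status unavailable (service stopped or module missing)'
    }

    # 2. Host firewall: any profile (Domain/Private/Public) disabled?
    foreach ($profile in Get-NetFirewallProfile) {
        if ($profile.Enabled -eq 'False') {
            $findings += "Firewall profile '$($profile.Name)' is disabled"
        }
    }

    # 3. Kernel code-signing: bcdedit prints 'testsigning Yes' when test-signed
    #    drivers may load, and 'nointegritychecks Yes' when driver signature
    #    checks are skipped entirely.
    $bcd = bcdedit /enum '{current}' 2>$null
    if ($bcd -match '^\s*testsigning\s+Yes') {
        $findings += 'Boot entry has testsigning enabled (test-signed kernel drivers allowed)'
    }
    if ($bcd -match '^\s*nointegritychecks\s+Yes') {
        $findings += 'Boot entry has nointegritychecks enabled (driver signature checks off)'
    }

    # Return the array as-is so an empty result stays countable.
    Write-Output -NoEnumerate $findings
}

$result = @(Get-WeakenedProtections)
if ($result.Count -eq 0) {
    'No weakened protections found.'
} else {
    $result | ForEach-Object { "WARNING: $_" }
}
```

Any WARNING line here is a setting a user would have had to change deliberately, which is precisely the state a dropper like this one counts on.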
This particular malware was pushed on various forums, masquerading as Cheat Engine, a common game-hacking tool. The forum threads got thousands of views and hundreds of replies, suggesting hundreds of potential infections. And since the thread kept coming back after being removed by forum administrators, more people have likely been infected. There were also YouTube videos spreading the malware, a common distribution tactic for malware like this.
Activision explained that the malware is a RAT that gives an attacker full access to the victim’s machine. RATs, or Remote Administration Tools, have legitimate uses in tech support and remote work. In this case, though, the RAT is all about stealing data and taking over PCs.
CoD Dropper v0.1 spreads by injecting malicious code via the ‘COD_bin’ object. That object is assembled using .NET libraries, and then injects code fetched from external URLs, dropping new malware onto the system. The actual payload is delivered when the “dropper” spawns a new process called “CheatEngine.exe”, and that process then drops the payload.