Activision, in a strange turn, has now been forced to work with cheat providers for Call of Duty. The reasons, however, are justified and quite serious. Hackers are attacking Call of Duty players.
VX Underground was the first to spread the word on Twitter:
“Over the past couple of days we have become aware of malware targeting gamers! More specifically, a currently unidentified Threat Actor is utilizing an infostealer to target individuals who cheat (Pay-to-Cheat) in video games.
A Call of Duty cheat provider (PhantomOverlay) was alerted of fraudulent activity when user accounts began making unauthorized purchases. The cheat provider was the first to notice the fraudulent activity and reached out to the suspected victim. Since the initial victim was identified, more and more victims have been identified.
The scope of the impact is so large, and in a bizarre twist of fate, Activision Blizzard is coordinating with cheat providers to aid users impacted by the massive infostealer campaign.
Currently there is a presumed impact of:
– 3,662,627 Battlenet accounts compromised
– 561,183 Activision accounts compromised
– 117,366 Elite PVPers accounts compromised
– 572,831 UnknownCheats accounts compromised
– 1,365 PhantomOverlay accounts compromised
When Elite PVPers was approached by PhantomOverlay administrative staff about the compromised accounts, Elite PVPers confirmed they have identified 40,000+ valid user accounts compromised. These are seemingly freshly stolen credentials and are not present from previous publicly available credential dumps. However, due to the size of the data we have not been able to thoroughly review the data for duplicates.
Additionally, impacted users have begun reporting being victims of crypto-draining – their Electrum BTC wallets have been drained. We do not have any information on the amount of money stolen.
It should be noted that some of these accounts are also not cheaters. Some users impacted utilized gaming software for latency improvement (?), VPNs, and Controller Boosting software (we don’t know what this means)”
For their part, Activision shared this message, via CharlieIntel, also on Twitter:
“There have been claims that some player credentials across the broader industry could be compromised from malware from downloading or using unauthorized software. Activision Blizzard servers remain secure and uncompromised. Our priority is always player account security. If players believe they may have clicked on a suspicious link or if they want to ensure their account is protected, they can change their password and follow recommended best practices here such as adding two factor authentication.”
Now, the presumed impact on Call of Duty user information does not necessarily mean that Activision Blizzard’s servers were compromised. It is possible, for example, that the hacker targeted the cheating software that the players used, instead of their Activision or Battlenet accounts. We cannot say for certain which it is, but of course Activision would send a message seeking to reassure their users that their accounts are fine.
Given the information from VX Underground, this does not seem to have affected Call of Duty players who were not using the targeted cheat software, such as that distributed by Elite PVPers, UnknownCheats, or PhantomOverlay.
But Activision recognizes an obligation, legal or otherwise, to reach out and protect their users, since their product was still involved in what seems to be a high-stakes hacking incident. Of course, this case involving cryptocurrency could mean theft in the millions, but stolen private information would be a significant enough concern to require their intervention.
Activision did not confirm that they were working with cheat providers, and in fact their statement doesn’t seem to acknowledge any incident happened at all. They may not be disclosing anything right now, not necessarily because they intend to hide it from the public, but because it could affect an ongoing criminal investigation. In that case, they may have been instructed not to acknowledge the hack is happening.
So we may not learn the truth about this report for a few months. If you do play Call of Duty now, it would be best if you follow Activision’s advice on securing your user information.