Cybersecurity experts have exposed a new type of cyberattack that is mainly hitting Call of Duty players, popular shooter in first person that enjoys a wide community of users.
Criminals operating in cyberspace have found a mechanism to invade the computers of whoever plays the video game and later manage to take control of the devices.
This attack is mainly affecting Call of Duty: Black Ops III playersone of the installments of the popular franchise that was released before the next generation consoles (PlayStation 5 and Xbox Series X / S) were launched.
According to what some have reported streamers who share content about their games in the video game, the cyberattack is executed as soon as the player enters the game from their PC.
How is the cyber attack executed in Call of Duty?
Cybersecurity specialists and members of the gaming community affirm that cybercriminals enter the waiting rooms to start games, from that area the criminals use a tool that allows them to know the IP address of each player.
Once they extract that information the cybercriminal kicks players out of games and later takes control of the content that is downloaded to the computer of the victim.
It should be noted that Call of Duty: Black Ops III is a title that was released in 2015 and despite the fact that today it has a player base of approximately 5,000, Activision had among its priorities to take actions to solve the situation because it is of a juice from eight years ago.
In fact, the problem with shooter in the first person it was already reported to Activision for a couple of months. For this reason, the same players who are part of the game community are joining their efforts to develop a patch that corrects the vulnerability.
“I’m guessing they somehow recorded that it exists, passed it on to the dev team, and then somehow it’s lost, probably due to the fact that old games don’t get priority anymore. Since Activision isn’t doing anything, I’m just going to fix things myself,” Maurice Heumann said in an interview for TechCrunch.
According to Heumann, a software developer and member of the team of players who are working on fixing the problem, the hackers are taking advantage of two security holes that make it possible to remotely invade the computers of those who play the title online.
Currently, the software developer is trying to create an option for the game to launch safely so that players do not expose themselves to the threat of cybercriminals, but Heumann has not yet achieved his goal and therefore has asked Greater support from the gaming community.
Therefore, those who still try to play online games of Call of Duty: Black Ops III from their PC are still vulnerable to hackers.
Activision Blizzard acknowledges a data breach that exposed video games like Call of Duty
A couple of weeks ago Activision Blizzard acknowledged that it suffered a data breach in December 2022 through a campaign of ‘phishing’ attacks that affected an employee of the developer, exposing information from other employees and from some video games such as Call of Duty.
The malicious actors launched a ‘phishing’ attack campaign on December 4 of last year, through which they managed to deceive an employee of the developer, obtaining access to the company’s internal systems and, therefore, to information and confidential documents.
This is explained by the security group vx-underground through a publication on its Twitter account, in which it also specifies that the attack leaked a content release schedule with information on the developer’s plans until the month of November of this year 2023.
Likewise, they have also shared screenshots of the ‘phishing’ messages sent to employees, where it is shown that the attackers were posing as the company, informing them of a problem and asking them to provide confidential data and enter malicious links. .
For its part, Activision Blizzard had not commented on the matter. However, according to statements by a spokesperson for the developer collected by BleepingComputer, the company has confirmed this attack and explained that its Security team “quickly addressed the ‘phishing’ attempt by SMS and quickly resolved it.”
In addition, the company spokesman assures that, after an “exhaustive” investigation, the attackers did not access sensitive employee data, game codes, or player data.
Contrary to these statements by Activision Blizzard, media such as Insider Gaming claim to have had access to all the data from the leak. Among these data are full names, email addresses, phone numbers, salaries and even workplace of employees.
Following this thread, among the information exposed on video games there is data on the seasons planned by the developer, with information such as the content packages that it plans to launch in each one. These data corresponds, among others, to the Call of Duty franchise, with map updates, different missions, events, or new weapons.
*With information from Europa Press