KEY FINDINGS
- The Call of Duty: Modern Warfare 2 servers were taken offline on July 26th.
- The malware is believed to be a self-spreading worm targeting PC gamers.
- As of the time of writing, the Modern Warfare 2 servers were back online.
Last month, Call of Duty: Modern Warfare 2 players expressed concerns on the Steam discussion page over the presence of a self-spreading worm virus on the PC version of the game. In response, Activision, the company behind the legendary Call of Duty franchise, took the game’s servers offline on July 26th, 2023.
Cybercriminals Eyeing Classic Games to Spread Malware
Recently, Activision brought back the servers for classic games like Modern Warfare 2, Modern Warfare 3, and Call of Duty Black Ops 1 and 2, responding to the increasing interest among players in these timeless titles.
Unfortunately, the excitement was short-lived as players soon detected unusual behaviour, prompting the company to take the servers offline once again. Apparently, the servers fell victim to a self-spreading worm virus, causing this unexpected setback. Concerns about the virus’s presence in the 2009 game were raised by users on June 26, 2023.
Steam users Kordiii and Bee wrote that the malware was Trojan:Win32 Wacatac.B!ml. This malware is already listed on VirusTotal.
Another user claimed that the malware was a worm virus because it contained a series of text strings inside that were coded for Call of Duty: Modern Warfare 2. Many users wrote that the offender was Wacatac.B!ml.
As a result, Activision took the original Modern Warfare 2 servers offline to address the issue. The company didn’t specify the problem but confirmed that it was aware of the reports on the Steam discussion forum and that the matter was under investigation.
Activision representative Neil Wood noted that the company had tweeted about the issue after the servers went offline.
“Multiplayer for Call of Duty: Modern Warfare 2 (2009) on Steam was brought offline while we investigate reports of an issue.”
Call of Duty Updates/Twitter
Researchers Believe Hacked Lobbies are Spreading the Virus
According to Tech Crunch, hacked lobbies were targeting players of Modern Warfare 2. Therefore, Activision immediately took its servers offline to prevent the further spreading of the malware.
It was also noted that hackers used a self-replicating worm that spread automatically from one user to another, which is how a typical worm virus behaves. So, everyone in the hacked lobbies would get their devices infected with the virus, and it would keep claiming one victim after another.
Researchers are currently investigating the motives behind hackers distributing the malware, speculating that they may have discovered one or multiple bugs to exploit, allowing them to execute malicious code on players’ computers. Additionally, a tweet from the company hints at the severity of the problem, suggesting that the issue has become deeply entrenched.
🛡 #MWII #Warzone
— Call of Duty Updates (@CODUpdates) July 28, 2023
In the last 24 hours, new detections directly targeting cheat developers at the source has led to over 14,000 account bans for cheating and hacking in Modern Warfare II and Warzone.
Nevertheless, this is not the first time Activision has suffered cybersecurity-related attacks. In earlier February of this year, Activision employees were targeted by an SMS phishing attack. As a result, hackers managed to access sensitive Activision data.