Thursday, January 27, 2022

New advanced malware targeting gamers

A brand-new Trojan is targeting users of the well-known online role-playing game World of Warcraft, and it is effective at hijacking accounts even when players use two-factor authentication.

“We’ve been receiving reports regarding a dangerous Trojan that is being used to compromise players’ accounts even if they are using an authenticator for protection,” an employee of Blizzard (the company that owns World of Warcraft) stated Friday in a message on their forums. “The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.”

By recording log-in attempts on infected PCs, the Trojan can capture both regular user names and passwords and the unique codes generated by authenticators supplied for “extra security”. Because these generated codes are essentially one-time passwords that expire after being used, the malware blocks the genuine log-in attempts. While victims try to work out what went wrong, the captured details are delivered to the attackers, who are then able to steal the accounts.

This is much like how other Trojans let attackers defeat the two-factor authentication used by online banking sites.

Symptoms of infection with this malware include the presence of an application called “Disker” or “Disker64” in the Windows startup list. Users can view this list by generating an MSInfo report using the instructions on the site and then looking under the “Startup Program” section in MSconfig.
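The startup-list check described above can be automated when triaging reports from many machines. The following is an added example, not code from the article or from Blizzard: it scans the text of an exported MSInfo report for the two startup names. The tab-separated "[Startup Programs]" layout, the sample rows, and the extra match on the command's file name are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Startup entry names the article gives as symptoms of infection.
INDICATORS = {"disker", "disker64"}

# Constructed sample; the tab-separated section layout is an assumption.
ROWS = [
    ["Program", "Command", "User Name", "Location"],
    ["OneDrive", r'"C:\example\OneDrive.exe" /background', r"PC\player", "Startup"],
    ["Disker64", r"C:\example\Disker64.exe", r"PC\player", "HKLM Run key"],
    ["Updater", r'"C:\example\disker.exe" -s', r"PC\player", "HKCU Run key"],
    ["Diskeeper", r"C:\example\Diskeeper.exe", r"PC\player", "Startup"],
]
SAMPLE_REPORT = (
    "[Services]\n\nDisplay Name\tName\nDisker\tdisker\n\n"
    "[Startup Programs]\n\n" + "\n".join("\t".join(r) for r in ROWS) + "\n"
)

def startup_entries(report_text):
    """Yield (program, command, location) rows of the Startup Programs section only."""
    in_section = False
    for line in report_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            in_section = stripped.lower() == "[startup programs]"
            continue
        if not in_section or not stripped:
            continue
        cols = [c.strip() for c in line.split("\t")]
        if cols[0].lower() == "program":  # column header row
            continue
        cols += [""] * (4 - len(cols))    # tolerate short rows
        yield cols[0], cols[1], cols[3]

def executable_stem(command):
    """Lower-cased file name, without extension, of the program a command starts."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    path = (m.group(1) or m.group(2)) if m else ""
    return PureWindowsPath(path).stem.lower()

def find_indicators(report_text):
    """Return startup rows whose name or executable exactly matches an indicator."""
    return [
        (program, command, location)
        for program, command, location in startup_entries(report_text)
        if program.lower() in INDICATORS or executable_stem(command) in INDICATORS
    ]

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_REPORT):
        print("suspicious startup entry:", hit)
```

Matching is exact rather than by substring, so a similarly named but unrelated entry such as the constructed "Diskeeper" row is not flagged, and rows outside the startup section are ignored.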

People who believe their computers have been infected with this Trojan have been advised to uninstall the Curse Client and then run a scan with Malwarebytes. Nonetheless, most security products will be able to detect the Trojan at this point, the Blizzard representative mentioned.

“For those of you interested in these MitM [man-in-the-middle] style attacks, this is the only confirmed case we’ve seen in several years outside of the ‘Configuring/HIMYM’ trojan in early 2012 that hit a handful of accounts,” the Blizzard representative said. “These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time.”

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
