Vulnerabilities have been found in popular online games that allow attackers access to credit card and user data, researchers claim.
The remote code execution holes were discovered by two Italian researchers Luigi Auriemma and Donato Ferrante who operate subscription vulnerability service Revuln. Attackers have the ability to siphon credit cards from several “big” online multiplayer games where users make in game purchases.
“One of the possible things that can be achieved is for instance installing malware on a remote system and having this system joining a botnet, composed by all the players of the vulnerable games,” the researchers said.
The security attitude of online multiplayer games was poor, mainly because software companies were concentrated on making their products feature-rich and enjoyable.
“Companies working in the games market don’t like to invest in making their software secure, they are more concerned about people cheating than having their customers compromised by a security vulnerability.”
The surfeit of complex features made the platforms vulnerable, notably those written in C/C++ which was prone to security issues including buffer overflows to format string bugs.