Hackers have been infecting Call of Duty: Modern Warfare 2 players with self-spreading malware for about a month, exploiting a bug reported to the game’s publisher five years ago.
An X user posted a screenshot showing the code behind the self-spreading malware.
Maurice Heumann, a security researcher who for years has been finding and reporting bugs in several Call of Duty games, told TechCrunch that the screenshot reveals that the malware is using a bug and a method to exploit the game that he personally discovered and reported to Activision in 2018, the gaming giant that publishes the Call of Duty series.
“No fix was ever published. In fact, half a year later I sent a follow-up email to ask if they fixed it,” Heumann said.
Heumann claimed he never disclosed the bug’s specifics because Activision did not fix it and that doing so might have affected players.
Referring to the bug he reported, Heumann said that “it’s super easy to exploit.”
“It’s a simple buffer overflow with only very few limitations,” he said, referring to a well-known class of vulnerability.
“Writing a full-fledged exploit is a simple task.”
A security researcher examined the malware sample for TechCrunch and verified that the strings in the screenshot are in fact present in the malware. The code Heumann is referring to is also included in the malware study published on another online repository.
Some antivirus engines have labeled the sample as a “CoDworm”
Last week, the game publisher announced that it “brought” the game “offline” on the gaming platform Steam “while we investigate reports of an issue.”
Also, it is unknown what the hackers aim to achieve with this worm.
The Call of Duty: Modern Warfare 2 game was released by Activision in 2009.
