2 min read

World of Warcraft Accounts at Risk From Trojaned Wowmatrix

Răzvan STOICA

March 05, 2010

World of Warcraft Accounts at Risk From Trojaned Wowmatrix

Security researchers at BitDefender identified a trojan that is used to steal the virtual goods in World of Warcraft player accounts which are protected using the previously-thought-unbreakable Blizzard Battle.net Authenticator.

The authenticator is an electronic device generates a one-time numerical token (a string of six digits, in fact) which is used in conjunction with a regular username and password to gain access to a user’s account. The six- digit strings are mathematically related to the (unique) serial number assigned to each authenticator device, in such a way that Battle.net servers can verify that a certain six-digit token was issued from a certain generator.

The method was supposed to be safer than regular password-based authentication, as an attacker would need both the username/password combination and a valid token to log in, and, obviously, the token would only be accessible to the person actually holding the token generator.

It turns out, however, that there is a way to steal and use a token – and it’s quite simple, provided one can convince World of Warcraft users to install a trojaned copy of Wowmatrix (Wowmatrix is a popular auto-updater for World of Warcraft extensions).

Once installed, Trojan.PWS.WOW.NGT patches (modifies) the World of Warcraft client executable in-memory, when it is loaded, and thus retrieves a valid token, which gets sent to an attacker-controlled server along with some information about the victim’s system. The game executable is then crashed before it can attempt to log in using the token.

The attacker is now in possesion of a valid, unused token, which gets immediately used to log in and “clean out” all the virtual goods iof the victim, by the simple method of selling them and sending the resulted virtual cash to an attacker-controlled account, as a “gift” from one player to another.

“There is, obviously, significant overlap between the population of BitDefender researchers and that of World of Warcraft players, but our reaction to reports from the World of Warcraft community would have been swift in any case, as the token authentication method is used by organisations other than Blizzard. We may be seeing the tip of a rather large and menacing iceberg here.” declared Viorel Canja, Head of BitDefender Labs.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read