World of Warcraft players are being targeted by new malicious code that forces them to give up their in-game money. If you haven’t heard about this gold-stealing script, read the details below.
The scam was posted earlier this week in a Reddit thread. The alleged scammer tries to impersonate a well-known player group (“guilds,” in World of Warcraft phraseology) and sends a private message to the target player.
After a few exchanges, the scammer asks the player to type a certain command in the chat window. At first glance this can seem harmless, because high-level players and many guilds normally require members to use custom interfaces or guild-specific mods. If the player runs the script, the attacker gains access to the victim’s user interface, where he can open trade windows and loot the victim’s in-game currency and valuable items. Worse, the script can also send new attacks to the victim’s friends.
“One of the people in the guild did as the hacker asked, and is now whispering [sending a private message directly] other people scripts that he can't even see, the same script the scammer and hacker is using, and also a few others,” the user wrote. “No idea what's going on. For lack of a better word, it's like...the script infects the users who run it, forcing them to become part of it.” Yikes!
In a chat transcript posted by a WoW player who also encountered the scammer, the attack begins with the request to run a script. The attacker immediately sends a direct message that would, if the victim had actually taken the bait, begin to give the hacker control.
You can see a sample of the script below, which was posted by a WoW player who encountered the alleged scammer.
(If the victim runs the script, the attacker immediately sends a direct message that would instantly give the hacker control.)
Once your character has been taken over by this malicious code, it begins sending direct messages to your friends. Most players will not run a script or install software sent to them by random players. But if the script comes from a long-time gaming buddy, there’s a real possibility that you’ll run it.
The process involved here is very similar to an attack that began earlier this year using WeakAuras, a common add-on that sets up custom scripts and shares them with others. “This Aura, if loaded by you, will force you to trade the scammer all of your gold if a trade is initiated, regardless whether it is you or the scammer who initiates the trade,” a user warned others in January. “You won't see a trade screen. You won't get to click a button to confirm it. All you will hear is the sound of coins, and your gold will be gone.”
Redditors who looked at the script don’t think that the more recent attack is exactly the same as the WeakAuras attack. The most likely culprit in this case is Prat, a popular chat and messaging add-on.
If these attacks are being enabled by multiple weaknesses in multiple add-ons, as these users suspect, the eventual solution will most likely have to come from WoW owner Blizzard itself. To stop this vulnerability at its source, Blizzard would need to change the WoW API so that add-ons, whether they are being used for fun by players or exploited by an attacker, can’t have this kind of power.
Blizzard doesn’t officially support add-ons and categorically does not support any of the real-world cash to in-game gold trades that are often advertised as the opening for this kind of attack. This puts the burden of caution on players. As one moderator in the WoW subreddit reminds players, “Also note that Blizzard does NOT support paid runs for cash or gold, if you get scammed, your gold is gone.”
Source: World of Warcraft Reddit