Hackers are infecting players of an old Call of Duty game with a worm that spreads automatically in online lobbies, according to two analyses of the malware.
On June 26, a user on a Steam forum alerted other players of Call of Duty: Modern Warfare 2 that hackers “attack using hacked lobbies,” and suggested running an antivirus. The malware mentioned in the thread appears to be on the malware online repository VirusTotal.
Another player claimed to have analyzed the malware and wrote in the same forum thread that the malware appears to be a worm, based on a series of text strings inside the malware. A game industry insider, who asked to remain anonymous because they were not allowed to speak to the press, confirmed that the malware contains those strings, indicating a worm.
Activision spokesperson Neil Wood referred to a tweet posted by the company on an official Call of Duty updates Twitter account, which vaguely acknowledges the malware.
“Multiplayer for Call of Duty: Modern Warfare 2 (2009) on Steam was brought offline while we investigate reports of an issue,” the tweet read.
It’s unclear why the hackers are spreading this malware. The malware is a worm because it appears to spread through online lobbies automatically from one infected player to another. This means the hackers must have found and are exploiting one or multiple bugs in the game to execute malicious code on the other players’ computers.
Call of Duty: Modern Warfare 2 was released by games giant Activision in 2009, but still has a small online community of players. According to a website that tracks the number of players who are playing video games online, there were around 600 people playing the game at the time of writing.
Valve, which runs the Steam platform, did not respond to a request for comment.
While there have been cases of malware distributed through video games, usually this is through trojanized versions of game installers and even cheats.
Do you have information about this hack? Or other video game hacks? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.