Activision investigating password-stealing malware targeting game players
Video game giant Activision is investigating a hacking campaign that’s targeting players with the goal of stealing their credentials, TechCrunch has learned.
At this point, the hackers’ specific goals — apart from stealing passwords for various types of accounts — are unclear. Somehow, the hackers are getting malware on the victims' computers and then stealing passwords for their gaming accounts and crypto wallets, among others, according to sources.
A person with knowledge of the incidents, who asked to remain anonymous because they weren’t authorized to speak to the press, said that people at Activision Blizzard are investigating, trying to “help remove the malware,” and “working on identifying and remediating player accounts for anyone affected.”
“There is not enough data yet on how [the malware] is spreading,” the person said. “It could be only affecting folks who have third-party tools installed.”
Contact Us
Do you know more about this hack? Or other video game hacking incidents? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
Activision spokesperson Delaney Simmons told TechCrunch that the company is aware of “claims that some player credentials across the broader industry could be compromised from malware from downloading or using unauthorized software,” and that the company servers “remain secure and uncompromised.”
Activision denied that the company is helping to remove the malware. A spokesperson said the issue is with third-party software vendors and not with Activision software or platforms.
The malware campaign appears to have been uncovered first by Zebleer, a person who develops and sells cheating software for the popular first-person shooter Call of Duty. On Wednesday, in the official channel for the PhantomOverlay cheat provider, Zebleer said that hackers were targeting gamers — some who use cheats — to steal their usernames and passwords.
Zebleer described the effort as an "infostealer malware campaign," where malware designed as legitimate-looking software unknowingly installed by the victim surreptitiously steals their usernames and passwords.
Zebleer told TechCrunch that he found out about the hacking campaign when a PhantomOverlay customer had their account for the cheat software stolen. At that point, Zebleer added, he started investigating and was able to find the database of stolen credentials that the hackers were amassing.
After that, Zebleer said he contacted Activision Blizzard as well as other cheat makers, whose users appear to be affected.
TechCrunch obtained a sample of the allegedly stolen logins, and verified that a portion of the data are genuine credentials. It's not clear how old or recent the data is.
At this point, there are no reasons to believe regular players of Activision games are at risk, just those who use third-party apps such as cheats.
In any case, as Activision's Simmons told TechCrunch, users who suspect they may have been compromised can change their password and activate two-factor authentication.
Added additional details from Activision in the sixth paragraph.