Sign in with
Sign up | Sign in

Hackers Bypass WoW Authenticators

By - Source: Tom's Hardware US | B 3 comments
Tags :

A new keylogger disguised as a World of Warcraft add-on is stealing account info and goods.

Last week reports of a "man-in-the-middle-attack" surfaced in regards to Blizzard's MMORPG. World of Warcraft. Apparently hackers have created a tool that grants them access to accounts protected by an authentication tool. Once they are in control of the account, hackers can thus steal virtual gold and possessions until the account password is reset. Currently there's no indication if the hackers gain access to data such as credit cards or other personal information.

The tool in question is a keylogger, possibly a file named emcor.dll which can be found in C:/Documents and Settings/Users/[username]/Application Data/Temp. Once the user launches the keylogger, the PC is infected and will in turn cause World of Warcraft to crash. Once the players re-start the game and log back into the account, the authenticator code is intercepted by the hacker. A different code is sent to Blizzard's servers, locking the player out.

So how do players get the keylogger on their PC? It all starts with a sponsored link in Google showing up as a top result for WowMatrix, a free World of Warcraft add-on installer and updater. The problem is that the listing isn't a genuine, leading gamers to the malware. "Several downloads are available and I decided to check out the installer / updater," reads this forum post. "Results are pretty low at virustotal for the executable. The detection of the DLL hooked into our system is even worse, only 1 antivirus suspects some illegal activity."

Because authenticator codes only last for 30 seconds, hackers have access to the WoW account until they log out. "This is still perpetrated by key loggers, and no method is always 100% secure," Blizzard said in this forum post.

WoW gamers are warned to stay away from the following sites, which are actually based on legitimate WoW related sites with a typo at the end of each URL:

  • wowmatrixf(dot)com
  • Cursea(dot)com
  • deadlybossmodss(dot)com
  • gamesacca(dot)com
Display 3 Comments.
This thread is closed for comments
  • 2 Hide
    Kraynor , 9 March 2010 05:34
    This isn't exactly a fair title, the Authenticator is still the best way to secure your account, and the chances of getting caught by a man-in-the-middle attack like this are insanely low as they have 30-60 seconds to get your information input before your authenticator key is void.
  • 0 Hide
    Anonymous , 9 March 2010 15:42
    AH lol why is that that wow gets all the attention when there are hacks! check out warcraft3 which has been uplayable for a very long time due to the amount of riduculous hacks available(maphack , drophack, invincible building hack). tHE WORST of the lot has to be the drop hack which freezes your computer once u start a game. At least half of the ladder games are plagues with that. This has been the main subject since the beg of the year but BLIZZARD did nothing since it is pretty much not gettin anymore money from it warcraft3 now even though there are still 1000s of users complaining every single day.
  • 0 Hide
    Anonymous , 9 March 2010 15:44
    FYI http://forums.battle.net/thread.html?topicId=22418631640&pageNo=1&sid=3000#1