Gamers hacked playing Call of Duty: WWII—PC version temporarily taken offline

RCE is the name for a critical security flaw that allows attackers to run malicious code on a victim’s machine without their consent or physical access. Exploiting an RCE could lead to data breaches, taking control of systems, and installing malware. In this case, it seems as though attackers were using the RCE vulnerability to gain remote access to other players’ computers during games. They reportedly:

• Opened command prompts on victims’ PCs
• Sent mocking messages via Notepad
• Forced remote shutdowns of players’ computers
• Changed desktop wallpapers to display gay porn

Game Pass is a subscription service offered by Microsoft Gaming. Because consoles generally don’t allow this level of code execution, it’s only Windows PC gamers that were affected by this.

The hacking of older titles is an open-air secret among the Call of Duty community, with players often avoiding the games on Steam. The problem likely lies in the fact that the multi-player game relies on peer-to-peer (P2P) networking which means that one player’s machine acts as the match’s server.

There is a lot of speculation about Activision working to update the game’s anti-cheat systems called “Ricochet” as the title is seemingly rampant with abusers. But whether and how this update will fix the RCE vulnerability is a big unknown. We’ll keep you updated.

What gamers should do

This vulnerability is particularly alarming because it not only allows hackers to disrupt gameplay, it has the potential to compromise gamers’ entire PCs remotely.

This story shows how even established titles can put your machine at risk. While it’s unclear if the Steam version is impacted, these are the things to do:

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.