Announcement of 25. July 2016

G DATA analyses script attack on World of Warcraft player

A new type of item scam lures players into trap.

Theft and sale of in-game items as well as currency has been a topic in the World of Warcraft community for a long time. Re-cently, a new type of gold/item scam made the rounds. A previously undocumented function of the LUA script framework on which the WoW interface is based, allows a thief to take control over a victim’s game interface without having to rely on any installed add-ons. The attacker initially uses a social engineering approach: to receive a high value in-game items, all the future victim supposedly needs to do is enter a snippet of script code into his chat window. By doing so, the victim effectively hands off control over his own interface and the attackers can literally rob the game character without the player being able to do anything about it.

How WoW-players can protect themselves:

  • Do not enter the script code into your chat window. Question each and every request to type in any message into your chat window.
  • Be careful when downloading add-ons from third parties: use trustworthy and popular websites, keep your add-ons up-to-date.

A detailed analysis is available here. 

Media:

Announcement of 25. July 2016

G DATA Software AG
G DATA Campus
Königsallee 178
D-44799 Bochum

Phone: +49 234 9762-239
E-Mail: presse@remove-this.gdata.de

Kathrin Beckert-Plewka
Public Relations Manager

Contact

Kathrin Beckert-Plewka

Phone: +49 234 9762-507
kathrin.beckert@remove-this.gdata.de

Vera Haake
Spokesperson for event & location communication

Contact

Vera Haake

Phone: +49 234 9762-376
vera.haake@remove-this.gdata.de

Stefan Karpenstein
Public Relations Manager

Contact

Stefan Karpenstein

Phone: +49 234 9762 - 517
stefan.karpenstein@remove-this.gdata.de