Scamming has been a part of multiplayer games since they first implemented trading systems, and has become a common phenomenon in every MMORPG.
However, a devious and more sinister type of attack has surfaced in World of Warcraft, which simply requires the victim to enter one line of code in order to work.
The following situation is an example of the attack:
- A high-ranked player walks up to your character in-game and promises to share or give you some cool items (rare mounts, weapons etc.)
- The player says they are attempting to give you the item but you cannot see it in the trade window.
- The player then asks you to enter the following line of code into your chat window to fix the “bug”: /run RemoveExtraSpaces=RunScript
- The player can now remotely access your character via chat messages.
How it works
This is what the command actually does:
- /run interprets the following text as a Lua script
- RemoveExtraSpaces is a built-in function which removes unnecessary spaces from text
- RunScript is a function that executes text as Lua code.
This is a threat because after obliviously entering this code, the RunScript function is called every time a chat message is received.
This means that every chat message you receive will be interpreted as Lua code, allowing other players to control your user interface via chat messages.
After you have opened the backdoor by entering the code into your text chat, the player can send you invisible chat messages which can control your interface.
Hackers can use this backdoor to force you to give away your items and virtually rob your character.
This unique attack requires only a bit of social engineering for the victim to unknowingly hand over control to the attacker, who can then force them to trade away their items.
More gaming news
5 things you need to know before buying a hard drive in South Africa
Loading ...
