Malicious Warcraft links lead players to losing their credentials

World of Warcraft players are being targeted by cyber criminals who try to lure them into visiting malicious destinations so as to steal their credentials. According to anti-virus firm Webroot official forums offered by WoW creator Blizzard are exploited by cyber crooks to spread links that lead to malware that steals passwords and other game credentials.

The scam uses the common technique of telling visitors that their Adobe Flash player needs to be updated and then offering a malicious trojan instead of the real installation file. Besides, scammers also use phishing attacks producing heaps of emails that purport to be official communications from Blizzard, according to researchers from security provider Sophos.

In the fake messages hackers say that the game maker is launching a new service and invites them to click on a link for a free sneak peak. The resulting website, in turn, phishes user credentials.

Scam attack is coming just a few weeks after Blizzard issued an update for Warcraft III that fixed a gaping hole that could lead to the complete hijacking of machines running the real-time strategy game. According to Webroot researcher Andrew Brandt, it was exploited simply by getting vulnerable victims to join a custom game hosted with booby-trapped maps.