Malicious WeakAura Replaces Auction House Purchases with Overpriced Scams
28.05.2021 at 00:35
A malicious WeakAura has been found causing players to purchase seemingly normally priced Auction House items for exorbitant amounts. Despite Auction House listings and purchase confirmations showing the expected 66 gold price, one redditor lost over 11,000 gold to the hidden code, which intercepted the purchase and replaced it with an entirely different one.
On May 24, 2021 I went to buy a chronoboon from the AH and bought x5 (1 stack) of the item for 66g....or so I thought.
Another redditor and self-admitted former scammer confirmed this was the result of malicious code hidden in a WeakAura, lying in wait until the right set of circumstances was achieved before springing the trap.
As a former member of the WoW cheating, exploiting and scamming scene (back in 2008-2012ish) this is 100% a malicious addon. This has been done tons of times before and looks exactly like what you'd see on the victim end of one of these.
This code is usually implemented via snippets in other add-ons, and the malicious addon usually has nothing to do with the AH. The code just sits idle until the correct criteria are met and then as you're clicking buy, intercepts the buy, shows a fake confirmation screen (this works because Blizzard requires a 1 for 1 hardware input to action, that's not the real Blizzard confirmation screen you're seeing but a cloned fake one), and then basically places your buyout for a different item.
Edit6: A malicious WA was found in one of the samples provided. It's highly obfuscated and might take a bit to break down.
Edit7: We've found the problem. Not saying any more, but addon developers and Blizzard both have reached out and fixes are in progress.
Although this particular vulnerability has been detected and sent to Blizzard, it's just one of several dangerous passive scams which are becoming more and more popular. With WeakAuras being used for everything from action bars to encounter reminders and even entire UI replacements, this has become an extremely easy scam to fall prey to, with few good solutions. Players should of course only import auras from trusted sources, but even then it's all too easy to accidentally spread malicious code hidden in seemingly helpful strings used by all manner of players, much like serving as an asymptomatic carrier of a virus or disease.
Another popular scam automatically mails gold to other players, without any input beyond opening a mailbox!
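An added example (not from the original article or from WeakAuras): a static check that a player or addon reviewer could run over the Lua text of an aura's custom code before importing it, flagging references to the gold-moving functions behind the Auction House and mailbox scams described above. The watchlist and the sample fragments are constructed for illustration, and the input is assumed to be already-decoded Lua source, not the encoded import string.

```python
import re

# Constructed watchlist for this example (not WeakAuras' or Blizzard's own list):
# WoW API globals that spend gold, plus Lua features that hide the real callee.
WATCHLIST = {
    "PlaceAuctionBid": "bids or buys out at the Auction House",
    "SendMail": "sends mail, which can carry gold",
    "SetSendMailMoney": "attaches gold to outgoing mail",
    "hooksecurefunc": "runs extra code after another function",
    "loadstring": "compiles code from a string at run time",
    "getfenv": "reaches global functions indirectly",
    "string.char": "builds strings from byte values",
}

ESCAPE = re.compile(r"\\(\d{1,3})")  # Lua decimal escape, e.g. \77 is "M"
CONCAT = re.compile(r"""(["'])((?:(?!\1).)*)\1\s*\.\.\s*(["'])((?:(?!\3).)*)\3""")

def deobfuscate(src):
    """Undo two cheap hiding tricks: decimal escapes and literal concatenation."""
    src = ESCAPE.sub(lambda m: chr(int(m.group(1))), src)
    prev = None
    while prev != src:  # repeat so "a".."b".."c" collapses fully
        prev = src
        src = CONCAT.sub(lambda m: '"' + m.group(2) + m.group(4) + '"', src)
    return src

def scan(lua_source):
    """Return {name: "plain" or "hidden"} for each watchlist name referenced."""
    clear = deobfuscate(lua_source)
    hits = {}
    for name in WATCHLIST:
        pat = re.compile(r"(?<!\w)" + re.escape(name) + r"(?!\w)")
        if pat.search(lua_source):
            hits[name] = "plain"
        elif pat.search(clear):
            hits[name] = "hidden"  # only visible after deobfuscation
    return hits

# Constructed inputs: fragments that only reference names, not working auras.
BENIGN = 'function() return UnitHealth("player") / UnitHealthMax("player") end'
SUSPECT = r'''
local env = getfenv(0)
local send = env["Send" .. "\77ail"]
local bid = _G.PlaceAuctionBid
'''

if __name__ == "__main__":
    for label, code in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, {n: (how, WATCHLIST[n]) for n, how in scan(code).items()})
```

A clean result is not proof of safety: names assembled through string.char or carried inside an encoded payload are not recovered, which is why those features are flagged in their own right.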
So check wisely what and by whom you are installing something ;)