Call of Duty: WW2 pulled from PC following reports of remote code exploit trolling players with 'Notepad pop-ups, PC shutdowns' and desktop wallpaper of a lawyer

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Email

Share this article

1

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the PC Gamer Newsletter

Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Every Friday

GamesRadar+

Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.

Signup +

Every Thursday

GTA 6 O'clock

Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.

Signup +

Every Friday

Knowledge

From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.

Signup +

Every Thursday

The Setup

Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.

Signup +

Every Wednesday

Switch 2 Spotlight

Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.

Signup +

Every Saturday

The Watchlist

Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.

Signup +

Once a month

SFX

Get sneak previews, exclusive competitions and details of special events each month!

Signup +

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

Activision has pulled a specific PC version of Call of Duty: WW2 just days after release, following reports that the game suffers from a remote code execution (RCE) exploit. This affects the so-called "Xbox PC" version of COD: WW2 that was just released on PC Game Pass: the game remains available on Steam and through Battle.net, though perhaps now is not the time to try it out.

RCE exploits are not about in-game cheats or hacks: rather they allow attackers to run nefarious code on a user or organisation's machines via the game software. Online security firm Invicti defines an RCE as "a vulnerability that lets a malicious hacker execute arbitrary code in the programming language in which the developer wrote that application. The term remote means that the attacker can do that from a location other than the system running the application." They're also sometimes called "code injection" attacks.

The upshot is that these are among the nastiest cyber-attacks out there, and several sources have offered evidence they're happening. Streamer Wrioh posted this clip to X, in which their game of WW2 freezes, dialogue boxes pop up, and then their desktop wallpaper is changed to show a man's face. User @LasagneManne claims to have been given the opportunity to buy this exploit and shares a screen showing the software's various options as well as RCE, including more 'traditional' cheats like kicking players and enabling God Mode.

Perhaps most reliable is VX-Underground, a white hat group that regularly posts about malware (as well as an incredible volume of cat pictures) and says "someone is trolling gamers with Notepad pop ups, PC shutdowns, and gay pornography."

VX-Underground admin "Smelly" then goes on to provide a detailed explanation of what they think is "probably" happening in Wrioh's clip (because they're analysing it purely from the video without logs etcetera). The TL;DR is that "the concern in this particular case is that this means an attacker is capable of deploying information stealer malware, a RAT (remote administration tool), or ransomware. Thankfully, it appears this attacker is primarily interested in memeing and fucking with people."

VX-Underground also notes that the desktop background "is changed to show a prominent lawyer who Activision hired to prosecute video game cheaters."

Activision hasn't directly addressed the reports of the RCE exploit, saying only that the 2017 shooter has been "brought offline" while it investigates "an issue."