Call Of Duty: WW2 joined Game Pass on June 30, including for PC subscribers who could now access the game through the Microsoft Store. Days later, that version of the game had to be taken offline amid reports of players getting hacked and trolled with pop up messages on their PC, which seems very, very bad. Players who got hit had their desktop backgrounds changed to the face of video game lawyer Marc E. Mayer who is representing Activision in a current lawsuit against Call of Duty cheat makers.
“Call of Duty: WWII on PC Microsoft Store was brought offline while we investigate reports of an issue,” the Call of Duty update account quietly posted on the evening of July 4. Activision still hasn’t confirmed what the “issue” was exactly, but its clear from reports at the time that it had something to do with a hacking vulnerability that allowed outside actors to remotely take control of players’ PCs while they were playing the Game Pass-included Microsoft Store version of the game.
”Gamers are going ballistic,” reported the hacking news account vx-underground (via PC Gamer) a day earlier on July 3. “Call of Duty WWII, available on Xbox PC Game Pass, contains an unpatched RCE exploit. Someone is trolling gamers with Notepad pop ups, PC shutdowns, and gay pornography.” Accompanying screenshots show notepad message popups informing players they’d been hacked. YouTubers also started rounding up examples.
“I JUST GOT HACKED PLAYING WW2! EVERYONE DO NOT PLAY WW2 ON GAMEPASS!” wrote X user Wrioh75753 on July 2, with footage showing a black pop-up that included the text “Mark E Mayer just RCE’d your ass.” It’s not clear how many players were affected before the game was brought offline, nor what the vulnerability was, though experts have some guesses.
One vx-underground member called ‘smelly’ broke down their explanation on X, in part blaming COD: WW2's use of peer-to-peer matchmaking for exacerbating any underlying security issues with the 2017 game. There’s no threat to Xbox users, but it’s not immediately clear what fixes can be made to the underlying game to completely patch out the issues on PC.
“The concern in this particular case is that this means an attacker is capable of deploying information stealer malware, a RAT (remote administration tool), or ransomware,” smelly wrote. “Thankfully, it appears this attacker is primarily interested in memeing and fucking with people.”
Why aren’t Steam players affected? “The game publisher took down only the Microsoft Store and Game Pass version of Call of Duty: WWII because they were different versions of the game than listed on Steam and contained an old flaw that had been patched on other versions of the game, according to two sources with knowledge of the situation,” Tech Crunch reports, based on a source from Activision.
The publisher has yet to comment on the issues. Kotaku reached out yesterday and still hasn’t received a response.
.