Online gamers around the globe have been put on notice this week after security software researchers identified a sneaky malware ploy that's been targeting the 50-million-plus registered users on the game channel of the Chinese entertainment Web site Mop.com.
Only visitors referred to the site via China's popular search engine Baidu.com initially become infected. Then, the malicious code will determine whether or not the visitor has installed the Chinese antivirus software application 360 Safeguard.
If the intended victim does not have the AV suite, the code will then infect the PC or mobile device and redirect the visitor to one of two compromised Web sites.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
The site is particularly popular with gamers playing World of Warcraft, a massive multiplayer online role-playing game that has been routinely targeted by hackers looking to steal and validate login credentials and other personal information.
"Mop.com is one of the largest and most influential forums in China," Websense officials said in their advisory. "It was the birthplace of Chinese network culture and has grown into a Web site with integrated forum, news, games, entertainment, etc., together to become a huge multimedia information platform."
Mop.com attracts more than 200 million page views per day, good enough to make it the 275th most-trafficked Web site in the world according to Alexa, the Web traffic ranking service.
Websense said the shellcode found in the exploit will download the executable remote file called 55.exe, which is encrypted and, according to the security software vendor, has a "very low" antivirus detection rate.
Security pundits around the world have issued numerous warnings over the past year for Internet users on popular social networking and community sites to be on the lookout for socially engineered malware scams that attempt to capitalize on breaking news and pop culture events, as well as popular online gaming sites.
Thus far, it's unclear how many Mop.com visitors have been contaminated by the scheme or what exactly the hackers have done with the purloined personal information.