Yesterday, Underdog Security revealed a major security flaw in Origin, EA’s game launcher. The bug could trick users into remotely running malicious code on their computer.
Researchers Daley Bee and Dominik Penner showed an instance where they opened the Windows Calculator when the malicious link was clicked in the Origin client. The bug gave hackers the same permissions as the user logged in to that computer. Origin can also be accessed as an online store and the malicious code could also be triggered if combined with a scripting exploit that runs off the browser.
Moreover, attackers could also run malicious PowerShell commands to download other harmful code and even install ransomware. A user’s account could also be cracked using the security flaw without even requiring the password.
It is still unclear how many users were affected by the bug. With millions of players logging into Origin everyday, this could have been a major issue. Thankfully, EA has gone ahead and fixed the flaw this Monday.
Further Reading: