Activision has pulled a specific PC version of Call of Duty: WW2 just days after release, following reports that the game suffers from a remote code execution (RCE) exploit. This affects the so-called “Xbox PC” version of COD: WW2 that was just released on PC Game Pass: the game remains available on Steam and through Battle.net, though perhaps now is not the time to try it out.
RCE exploits are not about in-game cheats or hacks: rather they allow attackers to run nefarious code on a user or organisation’s machines via the game software. Online security firm Invicti defines an RCE as “a vulnerability that lets a malicious hacker execute arbitrary code in the programming language in which the developer wrote that application. The term remote means that the attacker can do that from a location other than the system running the application.” They’re also sometimes called “code injection” attacks.
The upshot is that these are among the nastiest cyber-attacks out there, and several sources have offered evidence they’re happening. Streamer Wrioh posted this clip to X, in which their game of WW2 freezes, dialogue boxes pop up, and then their desktop wallpaper is changed to show a man’s face. User @LasagneManne claims to have been given the opportunity to buy this exploit and shares a screen showing the software’s various options as well as RCE, including more ‘traditional’ cheats like kicking players and enabling God Mode.
Perhaps most reliable is VX-Underground, a white hat group that regularly posts about malware (as well as an incredible volume of cat pictures) and says “someone is trolling gamers with Notepad pop ups, PC shutdowns, and gay pornography.”
Gamers are going ballisticCall of Duty WWII, available on Xbox PC Game Pass, contains an unpatched RCE exploitSomeone is trolling gamers with Notepad pop ups, PC shutdowns, and gay pornography pic.twitter.com/FLNzRbLt1sJuly 3, 2025
VX-Underground admin “Smelly” then goes on to provide a detailed explanation of what they think is “probably” happening in Wrioh’s clip (because they’re analysing it purely from the video without logs etcetera). The TL;DR is that “the concern in this particular case is that this means an attacker is capable of deploying information stealer malware, a RAT (remote administration tool), or ransomware. Thankfully, it appears this attacker is primarily interested in memeing and fucking with people.”
VX-Underground also notes that the desktop background “is changed to show a prominent lawyer who Activision hired to prosecute video game cheaters.”
Activision hasn’t directly addressed the reports of the RCE exploit, saying only that the 2017 shooter has been “brought offline” while it investigates “an issue.”
Read the full article here
