EA’s Origin gaming client had a severe vulnerability that could enable hackers to install ransomware on computers

EA’s Origin gaming client had a severe vulnerability that could enable hackers to install ransomware on computers
HIGHLIGHTS

Origin, EA’s digital game distribution platform, had a critical security flaw.

The bug could give hackers to run code remotely on a victim’s computer.

EA patched the flaw with a new update to Origin, which was rolled out on Monday.

Origin, the digital game distribution platform by EA, has reportedly fixed a serious vulnerability in its software. As per TechCrunch, security researchers of Underdog Security, Daley Bee and Dominik Penner found a vulnerability in the Origin app, which could enable an attacker to remotely run malicious code on a victim’s computer. The bug affected the Origin app on Windows and an updated was rolled on Monday to fix it. Origin is a popular online game distribution platform that is used by people to access, download and install games on their systems. Origin’s macOS client was apparently unaffected by the bug. 

As per the report, the flaw originated in the URL scheme of the Origin app that makes it easier to access an individual game’s store from the web. The app uses an ‘origin://’ link in the address to load a game from a web page and the researchers found that using a malicious link, hackers could trick the app to run code remotely on the victim’s computer. This meant that “An attacker could’ve ran anything they wanted,” Bee told TechCrunch. An attacker could also send harmful PowerShell commands, which could enable them to potentially download and install ransomware and other malicious files. 

The malicious link could be sent to a victim over an email or listed on a website. However, it could also be executed if the “malicious code was combined with cross-site scripting exploit that ran automatically in the browser.” The flaw also made it possible to use a single line of code for stealing a user’s account access token, enabling a hacker to obtain access to a user’s account without needing their password. John Reseburg, a spokesperson for EA, confirmed that the flaw was patched with an update to Origin on Monday. 

Origin is the game distribution platform from where the popular online battle royale game Apex Legends can be downloaded. The app also hosts a slew of popular games like Battlefield V, Anthem, Fifa, Titanfall and more. 

Digit NewsDesk

Digit NewsDesk

Digit News Desk writes news stories across a range of topics. Getting you news updates on the latest in the world of tech. View Full Profile

Digit.in
Logo
Digit.in
Logo