I am one of the fans who had been eagerly awaiting Diablo III for more than ten years and now I am consumed in my attempts at the Inferno difficulty level every night. As one of the most highly anticipated games this year, it was only a matter of time before malware authors began targeting it and W32.Gammima.AG was first to step up to the plate. One of the features in the game is the ability for players to trade their items and gold for genuine money on the Real Money Auction House. Although the malware itself does not target the service directly, it is likely an avenue the attackers will pursue in order to monetize their operation.

Today I identified a new W32.Gammima.AG variant that steals Diablo III communications.

This malware is not brand-new. We have encountered it several times before, so this is just a slightly improved version targeting Diablo III as well as the following games:

Arad

Lineage

MapleStory

The Kingdom of the Winds

World of Warcraft

The game’s developer, Blizzard Entertainment, has included some security protection, such as a one-time password authenticator and account locking, so that gamers can prevent their items and gold from being stolen.

Symantec detects this malware as W32.Gammima.AG. To stay safe, please ensure that you have the latest patches installed on your system and keep your antivirus definitions up to date.