After hearing about the Cambridge Analytica scandal and other unethical global surveillance controversies, it has become harder and harder to trust companies with the way they collect your personal data. We've been let down by so many huge tech companies, and apparently now is the time for the gaming industry to deceive us as well.
Guild Wars 2 is a Massively Multiplayer Online Role-Playing Game—or MMORPG—developed by ArenaNet and published by NCSOFT. It was originally released as a paid game on PC in 2012, but later became free-to-play so as to bring more players due to unsustainable competition.
Gaile Gray, a spokesperson for ArenaNet, wrote in a forum announcement that the company has suspended 1,583 accounts in the last 6 months for cheating. They apparently found out that the accounts were running alongside known cheating softwares, such as CheatEngine, Nabster, GW2MHRexe, UNF and MMOMINION. Some of those accounts were suspended after detecting that they were directly associated with other accounts that received the ban hammer from using cheating tools.
According to a reddit post by Fabian Wosar, a security researcher who's had his Guild Wars 2 account suspended, ArenaNet was able to find cheaters using what essentially appears to be a spyware located within the Guild Wars 2 launcher. According to Wosar, the GW2 update from March 6th included a program that would scan the players' computers to find any app or process that could be used for in-game cheating.
Arena silently shipped a spyware component as part of one of their updates on March 6th that submitted hashes of all processes running on your system to their servers, compromising your privacy, degrading your system's performance as well as potentially flagging a bunch of innocent users to be banned. The component was silently removed again on the 27th. The purpose of the component is most likely to flag users for the banwave that just hit.
While monitoring processes to find cheaters in a game isn't uncommon, the launcher was sending all the information gathered from the computer to the ArenaNet servers in a very insecure way.
It's worth noting that Wosar didn't receive his ban for cheating, but for running programs that flagged his account—despite the fact that said programs weren't used for cheating within the game. Not only is this technique unsafe, but there is also no filtering as to who gets their account banned when they run softwares that could be used for cheating, although not actually used for this kind of purpose.
Security analyst Adrian Bednarek, who has previously done research on video games, told Motherboard that this type of method to catch cheaters has been used by a couple video game companies before.
I would consider any processes covertly sending back data about processes and modules running on my system as spyware.
The technique used was not very complex, and it definitely backfired on them. Additionally, now that users are aware of it, it's almost certain that they will find new ways to bypass certain checks.