Wow all items
As the attacker has full access to the victim’s interface, he can check where the victim’s in-game character is currently located on the virtual map to approach him in-game. An attacker usually would not have the chance to know such detailed information about other players.
In WoW, players have the possibility to trade items among each other. For this, the two characters need to be in physical proximity and can then exchange items. If the attacker knows the victim’s character’s location and is within range of the victim’s in-game character, he can now remotely open a trade window, add items and/or gold on the victim’s side and hit the “Accept Trade” button. He can virtually rob the victim.
Our scenario described a social engineering attack paired with a technical attack. Manipulated clients might be misused to send convincing chat messages to other players, e.g. guild members, friends, etc., to manipulate even more in-game characters with this simple but effective script. As we all know, messages from friends and colleagues are considered trustworthy.