"An attacker can craft a malicious internet link to execute malicious code remotely on victim's system, which has Origin installed, " wrote the researchers in a paper detailing their work.
In lab experiments, the researchers exploited a loophole in the way Origin handles links to games users have downloaded and installed to make it run code that compromised a target machine.
More than 10 million people thought to have accounts with Electronic Arts's (EA) Origin game store are at risk from a hack attack that swaps games for malicious code, researchers say.
Like most malware attacks, there are clues as to its origin - however security experts warn that any calling cards found within the attack's code could in fact be an attempt to throw investigators off the real scent.
But on EA's official forum, Origin's community manager Sam Houston said the company would "honour all sales made with the coupon code over the weekend and hope fans enjoy their games".