Security researchers examine data-stealing malware that is aimed at not-so-fair Fortnite players
Researchers stumbled upon a data-stealing malware strain that targets Fortnite cheaters. Previously, players were targeted by fake surveys, bogus downloads and allegedly free Android versions of the game. While most of these usually focused on redirecting users to affiliate sites to gain revenue, this time their personal information, like Bitcoin wallet data, is targeted.
Fortnite, being the most successful battle arena game that ever existed, sees 78 million players log in every month. However, not all of those people practise the “fair game” principle; some instead seek to gain an unfair advantage by using bots, wall-hacks, free V-Bucks generators and similar cheats. Additionally, hackers are always ready to abuse the popularity of anything in order to deliver malware for personal gain.
With the new season 6 coming out, many bad actors rushed to offer unfair players new hacks. As usual, hackers went for YouTube and uploaded thousands of videos with the download link. In some cases, these videos gain over 100,000 views before they are taken down due to YouTube's policy violations.
A malware expert who was researching one of the Fortnite virus samples said:
Offering up a malicious file under the pretense of a cheat is as old school as it gets, but that’s never stopped cybercriminals before. In this scenario, would-be cheaters suffer a taste of their own medicine via a daisy chain of clickthroughs and (eventually) some malware as a parting gift.
Players are sent back and forth before they can download the alleged cheat
Those who are determined to cheat search for videos on YouTube and, unsurprisingly, find thousands of results. By opening one such video, users can find a link below it, leading to a third-party site called Sub2Unlock, which makes them subscribe to unlock the content. Note that typically, players are directed to bogus surveys where they are promised a download link once complete – so there's a major difference here.
As soon as users click on the subscribe button, they are led to the original YouTube page they came from. Thus, researchers went back to Sub2Unlock, where they now saw a download button. Once clicked, they were redirected to a dodgy site under the name of bt-fortnite-cheats[dot]tk, which looked decently presentable – a fact that would make many young players believe in its legitimacy.
From there, users are then redirected to a generic download site to download the alleged cheat. According to experts, the file had already been downloaded 1,207 times.
Cheaters will be cheated
The link-embedded malware can be virtually anything, but this time researchers dealt with a data stealer that is detected under the name of Trojan.Malpack. Once the initial executable of 164 kB is run on the system, it performs several checks and gathers an excessive amount of information about the infected device. Additionally, the malware also targets Bitcoin wallets, cookies, browsing session data, as well as Steam runtime.
All these details are then sent to an IP address that is located in the Russian Federation. One can only wonder what data like gaming time can be used for, but Bitcoin wallet information can help crooks steal cryptocurrency directly. Furthermore, any harvested personal details can be sold on the black market for monetary gain.
Users who download the malicious payload can also view a READ ME file, which explains that additional hacks and cheats are available for $80 in Bitcoin.
All in all, there is a lesson to be learned here: cheaters will be cheated. Maybe not always, but visiting dodgy sites will inevitably expose tricksters to threats such as data-stealing malware. Bots and hacks not only ruin many other players' experience but might also harm cheaters themselves. So play fair and safe.