Fortnite players become target of latest crypto malware

Everyone is taught from an early age that cheaters never win. Whether we decide to subscribe to that adage is a different story, but those who don’t often learn the hard way the error of their ways. This is true for some Fortnite players, who are at risk of finding their computers infected with cryptocurrency-stealing malware if they decide to try to use a downloadable cheat application. 

A cheat pack has been circulating for the popular video game that offers two ways otherwise inept players can win. One cheat provides an auto-aiming tool and the other allows players to uncover where opponents are in the game. The cheats are included in an application called Syrk, but it’s what’s hiding under the surface that players need to worry about. 

Once installed and launched Syrk releases ransomware that can encrypt computer files and hold them for ransom. According to a post by Kaspersky, Cyren researchers uncovered the malware, explaining that it allows the software to connect to a command-and-control server that can disable various applications, including Windows Defender, process-monitoring apps (including Task Manager and Process Monitor) and others.

After that, the malware is added to an autoload list that makes it more difficult for the software to be removed. It then begins to encrypt media files, documents, presentations, images and will also try to infect any connected USB devices. 

The user is then presented with a message notifying him or her of the attack and asking for a ransom payment. If the user refuses, Syrk begins to delete files after two hours, starting with images, then the desktop, then the rest of the documents. 

It’s not all bad news, though. For some reason, the individual or individuals behind the attack decided to include the path to decrypt the files in the software. Kaspersky explains that Syrk’s current version “actually stores the key needed to decrypt the files right on the infected machine. The key is in the folder C:\Users\Default\AppData\Local\Microsoft\, in a file called -pw+.txt or +dp-.txt.”

This isn’t the first time Fortnite players have been targeted by malware. Given that the video game has more than 250 million players around the world, gamers make for easy victims and, late last year, a similar ransomware hidden in cheating tools made its rounds. That malware was hidden in YouTube videos that offered free season passes and free versions of the game.