Tech 4 October 2018Dennis Wafula
Malware disguised as cheat tools steals crypto from Fortnite players
When the sixth season of popular video game Fortnite dropped, fans rejoiced. And opportunists tried to cash in too—by developing a cryptocurrency- and data-stealing malware posing as game cheat tools.
Malwarebytes Labs discovered the malware in YouTube videos offering “free” season passes and “free” versions of the game, according lead malware intelligence analyst Christopher Boyd.
In a blog post, Boyd noted, “We sifted through a sizable mish-mash of free season six passes, supposedly ‘free’ Android versions of Fortnite, which were leaked out from under the developer’s noses, the ever-popular blast of ‘free V-Bucks’ used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots.”
The discovery process involved going through several steps, including subscribing to a YouTube channel, before being redirected to a different site and then filling a survey before downloading the malware disguised as a cheat tool.
The videos were titled in an inviting manner. One video was called, “New Season 6 Fortnite Hack Cheat Free Download September 2018 / WH / Aimbot/ Undetectable.” Another one was titled, “Fortnite Hack Free Download,” and yet another was titled “Fortnite Cheat.” One video had 120,892 views before it was removed for breaching YouTube’s spam policy.
Boyd said passing the malware off as a cheat tool is not new—the practice has been seen for decades and is capable of doing significant damage to computer systems.
The initial .exe file runs on the target system then enumerates the details of the infected computer. After this, it sends data via a POST command to a file in Tel Aviv. Boyd noted that a lot of data is vulnerable to theft since the malware examines bitcoin wallets, Steam sessions, cookies, and information tied to browser sessions. The malware includes a readme file that advertises the ability to purchase additional Fortnite scams for ‘$80 Bitcoin’.
In as much as one may be tempted to cheat at Fortnite, Boyd advises users to avoid the temptation to download cheats.
“Offering up a malicious file under the pretense of a cheat is as old school as it gets, but that’s never stopped cybercriminals before. In this scenario, would-be cheaters suffer a taste of their own medicine via a daisy chain of clickthroughs and (eventually) some malware as a parting gift,” he wrote. “Winning is great, but it’s absolutely not worth risking a huge slice of personal information to get the job done.”
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.
Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.
Tech 5 hours ago
Vacheron Constantin to use blockchain to authenticate timepieces
Vacheron Constantin wants you to know their watches are legit, and as a result they will turn to blockchain technology to prove it.
Tech 6 hours ago
Russian state corp. proposes blockchain-based government data system
Rostec, a Russian state-owned holding conglomerate, has proposed the implementation of a blockchain-based government data storage system.
Tech 6 hours ago
Alibaba to integrate blockchain with its intellectual property system
Alibaba is adding to China’s intellectual property regime by creating their own blockchain system.