Malware disguised as cheat tools steals crypto from Fortnite players
When the sixth season of popular video game Fortnite dropped, fans rejoiced. And opportunists tried to cash in too—by developing a cryptocurrency- and data-stealing malware posing as game cheat tools.
Malwarebytes Labs discovered the malware in YouTube videos offering “free” season passes and “free” versions of the game, according lead malware intelligence analyst Christopher Boyd.
In a blog post, Boyd noted, “We sifted through a sizable mish-mash of free season six passes, supposedly ‘free’ Android versions of Fortnite, which were leaked out from under the developer’s noses, the ever-popular blast of ‘free V-Bucks’ used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots.”
The discovery process involved going through several steps, including subscribing to a YouTube channel, before being redirected to a different site and then filling a survey before downloading the malware disguised as a cheat tool.
The videos were titled in an inviting manner. One video was called, “New Season 6 Fortnite Hack Cheat Free Download September 2018 / WH / Aimbot/ Undetectable.” Another one was titled, “Fortnite Hack Free Download,” and yet another was titled “Fortnite Cheat.” One video had 120,892 views before it was removed for breaching YouTube’s spam policy.
Boyd said passing the malware off as a cheat tool is not new—the practice has been seen for decades and is capable of doing significant damage to computer systems.
The initial .exe file runs on the target system then enumerates the details of the infected computer. After this, it sends data via a POST command to a file in Tel Aviv. Boyd noted that a lot of data is vulnerable to theft since the malware examines bitcoin wallets, Steam sessions, cookies, and information tied to browser sessions. The malware includes a readme file that advertises the ability to purchase additional Fortnite scams for ‘$80 Bitcoin’.
In as much as one may be tempted to cheat at Fortnite, Boyd advises users to avoid the temptation to download cheats.
“Offering up a malicious file under the pretense of a cheat is as old school as it gets, but that’s never stopped cybercriminals before. In this scenario, would-be cheaters suffer a taste of their own medicine via a daisy chain of clickthroughs and (eventually) some malware as a parting gift,” he wrote. “Winning is great, but it’s absolutely not worth risking a huge slice of personal information to get the job done.”
Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as SegWitCoin BTC coins. Altcoins, which value privacy, anonymity, and distance from government intervention, are referenced as dark coins.
Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.