Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Fortnite Cheaters Tempted with Data-Stealing Malware

Cheaters looking to gain an advantage on popular video game Fortnite have been warned about a new scam delivering information-stealing malware.

Malwarebytes researcher, Chris Boyd, explained that the threat has been designed to coincide with the new seasons of the Epic Games title.

The malware was hidden amidst a “sizable mish-mash” of free season six passes, ‘free’ Android versions of the game, ‘free V-Bucks’ used to buy additional content for the game, and “a lot of bogus cheats, wallhacks, and aimbots,” he said.

It’s hidden in YouTube clips masquerading as cheats. One managed to garner 120,000 views before it was pulled.

“Offering up a malicious file under the pretense of a cheat is as old school as it gets, but that’s never stopped cyber-criminals before,” Boyd added. “In this scenario, would-be cheaters suffer a taste of their own medicine via a daisy chain of click-throughs and (eventually) some malware as a parting gift.”

In one instance, clicking the link to the clip sends the user to a third-party site called Sub2Unlock where they’re asked to “subscribe to unlock.”

This differs from typical scams of this type, where users often have to fill in surveys. After completing this stage, they are taken to a spoof cheat site at bt-fortnite-cheats(dot)tk.

“This site is a fairly good-looking portal claiming to offer up the desired cheat tools, and it stands a fair chance of convincing youngsters of its legitimacy. A little bit more button clicking, and potential victims are taken to a more general download site containing what appears to be an awful lot of files alongside a wide range of adverts,” Boyd continued.

“As far as the malicious file in question goes, at time of writing, 1,207 downloads had taken place. That’s 1,207 downloads too many.”

The malware in question is detected as Trojan.Malpack, with a data-stealing payload designed to send the stolen info to a location in Russia.

“Some of the most notable things it takes an interest in are browser session information, cookies, Bitcoin wallets, and also Steam sessions,” explained Boyd.

Reports have also emerged of stolen Fortnite and other account being sold on Instagram

What’s Hot on Infosecurity Magazine?