In an Aesop's fable for the digital age, Fortnite players who try to cheat are themselves being duped by ransomware disguised as a game hack.
Research conducted by cloud security specialists Cyren has found that a cheat tool claiming to improve the accuracy of a player's aim (known as an aimbot) is in reality a piece of malware designed to cause data loss.
Roughly 250 million players of the online video game were targeted by the ransomware, which has the filename "SydneyFortniteHacks.exe" and is known as Syrk.
Players who download Syrk in the misguided belief that they've stumbled across a sneaky way to up their game end up with a 12MB executable file. When the file is executed, the ransomware beast awakens and starts encrypting images, videos, music and documents stored on the player's computer. The encrypted files are marked with a .syrk file extension.
The unlucky player is then sent a threatening message demanding payment in return for a decryption password. The message includes an email address that the player must contact to discover how to make the payment.
The player is warned that if payment isn't received within two hours, files in their photo folder will be deleted, followed by files on their desktop. To underline the time-sensitive nature of the threat, the menacing message is unsubtly accompanied by a giant countdown clock.
This nasty little piece of open source ransomware was built with tools readily available on the internet. And, in a doubly deceptive move, its creators built Syrk by reworking an existing piece of ransomware called Hidden-Cry. The source code for Hidden-Cry was shared on Github last year.
Fortunately, the files to decrypt the encrypted files can be found in machines infected with the ransomware. The file dh35s3h8d69s3b1k.exe – the Hidden-Cry decrypting tool – is one of the resources embedded in the main malware.
The discovery of Syrk follows news earlier this month that Fortnite players had been targeted by malware named Baldr, also hidden in cheat hacks distributed as links via YouTube. The moral of the story is "don't cheat," but with a $30 million prize pool for the recent Fortnite World Cup, it's easy to see how players fall victim to temptation.