Fortnite Season 6 kicked off last month, and for some, darkness did rise from unexpected sources. Malwarebytes, a popular and trusted anti-malware program reports that they uncovered malware that poses as free cheat downloads and it specifically targets Fortnite players.
The “free cheats” release malware that steals data from users. Targeted data include browser history, bitcoin wallets, as well as Steam sessions.
Latest Fortnite Malware
It’s not the first time Fortnite cheaters are tricked by their ambition to win. And it won’t be the last. In July this year, malicious viruses wreaked havoc on thousands of Fortnite players trying to cheat.
According to Malwarebytes, the recent con targets not only cheaters but also those looking for a free ride. The malware poses as offers for cheats, free season 6 battle passes, free V-bucks, and a “free” Fortnite Android version. The cheats focus on wallhacks, aimbots and more, so think twice before you hit that download button.
The Malware Setup
As before, the Fortnite free cheats are advertised on YouTube. Clicking on any link in the description takes you to a page called Sub2Unlock. Unlike the standard modus operandi, it doesn’t ask you to complete a survey that unlocks the cheat program, but instead to hit the social media subscribe button. It’s a clever move as it’s much quicker and more acceptable to hit subscribe than to fill in a survey.
The user eventually finds him or herself on a page that offers the desired cheat programs. You simply hit the download button, and your victory in Fortnite is all but confirmed, and your fate to win a malware program, sealed.
Malware File Information
Malwarebytes downloaded one of the cheats and uncovered a Trojan. Malpack file. These files are generally undetected by standard anti-virus software as it contains codes that are not malicious. These codes serve to hide the malware, and it generally succeeds. Malwarebytes explains:
Once the initial .EXE (which weighs in at just 168KB) runs on the target system, it performs some basic enumeration on details specific to the infected computer. It then attempts to send data via a POST command to an /index.php file in the Russian Federation.
Once released, the malware targets browser history, cookies, bitcoin wallet, and even Steam sessions. According to Malwarebytes, it isn’t the first time they have linked the Russian IP address to such nefarious activities.
Lots of the files contained in this download are packed in entirely different ways. One of them has a process called “Stealer.exe.” Many more post the stolen information to /gate.php instead of index.php, which is a common sign of Zbot and a few others.
The rabbit hole goes even deeper. For an additional $80 Bitcoin you can purchase even more Fortnite cheats.
Most of us would agree that cheaters deserve getting ‘cheated’ in return. However, it would be unfortunate if say your kid plays Fortnite on your system, decides to try a cheat, and you are left dealing with the theft of personal information.
In other Fortnite news, Sony officially announced PS4 cross-play support for Fortnite.