Fortnite adware virus discovered in purported aimbot/V-Bucks hack

Late last month, the operators of the game streaming service Rainway noticed something unusual: Hundreds of thousands of error reports began appearing on its tracker for no apparent reason. The errors were the result of attempted calls to ad platforms, "an immediate red flag," as CEO Andrew Sampson explained in this blog post, because the service doesn't run ads. Further investigation eventually narrowed the compromised users down to a single commonality: They all played Fortnite.

With that realization in hand, Rainway engineers began to really dig in, beginning with a search for Fortnite hacks on YouTube. "We downloaded hundreds of programs, all claiming to do something to help a player get ahead," Sampson wrote. "While they were all indeed malicious, we were looking for a specific one. We created a small utility to help us sift through all these programs to find references to the URLs we were detecting through error logging." 

Eventually the search paid off in the form of a purported aimbot that also promised to generate free V-Bucks—sweet candy indeed. But of course it wasn't what it appeared to be. When run on a virtual machine, "it immediately installed a root certificate on the device and changed Windows to proxy all web traffic through itself," Sampson wrote, describing it as "a successful Man in the Middle Attack." 

The hack had been downloaded approximately 78,000 times before the host took it down after Rainway filed an abuse report. That's a lot of potential headaches floating around in the wild. Sampson said he also sent an inquiry to Adtelligent, whose links were being added to web requests by the offending adware, but had not received a response by the time the post went up. 

In case there was any question about where he stood on the matter, Sampson concluded with a warning against downloading random programs, saying, "If something is too good to be true, you're probably going to need to reformat your PC." He also called on Epic to be more proactive in warning Fortnite players against this sort of thing.   

"Epic could do a better job at educating their users on these malicious programs and helping them understand how airtight Fortnite's systems are at preventing cheating," he wrote. "I’d also recommend they spend more time moderating YouTube to help take down these videos to avert a countless number of people from pwning themselves. Sometimes the allure of cheating is powerful, and a strong presence is needed to help push people in the right direction." 

I've reached out to Epic for comment, and will update if I receive a reply.