Scammers are targeting Fortnite cheaters with data-stealing malware

Fortnite is an extraordinarily popular game, and because of that, scammers and con artists are (again, still) using it to distribute malware. A new report by Malwarebytes Labs says that the most recent round of scams goes beyond "typical low-level surveys and downloads that never actually materialize" by delivering software that can actually steal your data.

After digging into links promising free V-bucks, season six passes, copies of Fortnite on Android, and "a lot of bogus cheats, wallhacks, and aimbots," the site found that most of them follow a familiar pattern of fake surveys that encourage players to unwittingly hand over their user information to unscrupulous actors—fairly conventional phishing scams, in other words.   

But in at least one case, a link found on a YouTube video promising "Fornite Aimbot | Fornite Hacks | Undetected | Season 6 | ESP, Aimbot + Look ESP Free Download!"—subtle, eh?—led to a page on Sub2Unlock. Instead of presenting players with a survey to fill out, it requires them to subscribe to the referrer's social portal. But no validation takes place: The referrer's YouTube channel subscribe page pops up, Sub2Unlock presents a link to "a fairly good-looking portal claiming to offer up the desired cheat tools," and after some more clicking around, the download link appears.

"Once the initial .EXE (which weighs in at just 168KB) runs on the target system, it performs some basic enumeration on details specific to the infected computer. It then attempts to send data via a POST command to an /index.php file in the Russian Federation, courtesy of the IP address 5(dot)101(dot)78(dot)169," Malwarebytes explained. "Some of the most notable things it takes an interest in are browser session information, cookies, Bitcoin wallets, and also Steam sessions." 

Other files the site encountered during its investigation "are packed in entirely different ways," although the IP address in the .exe file "has been seen many times in relation to similarly named/themed files." 

"While the subject of this blog probably isn’t that new, it’s still going to do a fair bit of damage to anyone that runs it," Malwarebytes said. "Combining it with the current fever for new Fortnite content is a recipe for stolen data and a lot of cleanup required afterward."

It's definitely not new in the broad strokes—Epic warned against Fortnite Android phishing scams in May—but this new round of malware attacks sounds even more potentially destructive. Tyler Reguly of cybersecurity company Tripwire said that despite efforts to educate gamers, Fortnite's popularity means that some people will inevitably fall victim to it. 

"It was only last week that we saw news from BestVPN.com and Kaspersky Lab that over 250,000 infection attempts were seen on nearly 60,000 computers against viewers trying to pirate Game of Thrones and The Walking Dead," Reguly said. "Fortnite is the gaming equivalent of those TV shows in terms of popularity. Just one year ago, 2.8% of Twitch.tv viewers were tuning in to watch others play Fortnite, that number is now 12.8% making it the most watched game on Twitch.TV with an average of nearly 10,000 active channels, 140,000 active viewers, and a combined 103 Million hours watched." 

"These are numbers that far exceed any other game on that platform. The problem is only going to get worse as Fortnite grows in popularity."