Skip to main content

Scammers are targeting Fortnite cheaters with data-stealing malware

Audio player loading…

Fortnite is an extraordinarily popular game, and because of that, scammers and con artists are (again, still) using it to distribute malware. A new report by Malwarebyte Labs (opens in new tab) says that the most recent round of scams goes beyond "typical low-level surveys and downloads that never actually materialize" by delivering software that can actually steal your data. 

After digging into links promising free V-bucks, season six passes, copies of Fortnite on Android, and "a lot of bogus cheats, wallhacks, and aimbots," the site found that most of them follow a familiar pattern of fake surveys that encourage players to unwittingly hand over their user information to unscrupulous actors—fairly conventional phishing scams, in other words.   

But in at least one case, a link found on a YouTube video promising "Fornite Aimbot | Fornite Hacks | Undetected | Season 6 | ESP, Aimbot + Look ESP Free Download!"—subtle, eh?—led to a page on Sub2Unlock. Instead of presenting players with a survey to fill out, it requires them to the referrer's social portal. But no validation takes place: The referrer's YouTube channel subscribe page pops up, Sub2Unlock presents a link to "a fairly good-looking portal claiming to offer up the desired cheat tools," and after some more clicking around, the download link appears. 

"Once the initial .EXE (which weighs in at just 168KB) runs on the target system, it performs some basic enumeration on details specific to the infected computer. It then attempts to send data via a POST command to an /index.php file in the Russian Federation, courtesy of the IP address 5(dot)101(dot)78(dot)169," Malwarebytes explained. "Some of the most notable things it takes an interest in are browser session information, cookies, Bitcoin wallets, and also Steam sessions." 

Other files the site encountered during its investigation "are packed in entirely different ways," although the IP address in the .exe file "has been seen many times in relation to similarly named/themed files." 

"While the subject of this blog probably isn’t that new, it’s still going to do a fair bit of damage to anyone that runs it," Malwarebyte said. "Combining it with the current fever for new Fortnite content is a recipe for stolen data and a lot of cleanup required afterward." 

It's definitely not new in the broad strokes—Epic warned against Fortnite Android phishing scams in May—but this new round of malware attacks sounds even more potentially destructive. Tyler Reguly of cybersecurity company Tripwire said that despite efforts to educate gamers, Fortnite's popularity means that some people will inevitably fall victim to it. 

"It was only last week that we saw news from BestVPN.com and Kaspersky Lab that over 250,000 infection attempts were seen on nearly 60,000 computers against viewers trying to pirate Game of Thrones and The Walking Dead," Reguly said. "Fortnite is the gaming equivalent of those TV shows in terms of popularity. Just one year ago, 2.8% of Twitch.tv viewers were tuning in to watch others play Fortnite, that number is now 12.8% making it the most watched game on Twitch.TV with an average of nearly 10,000 active channels, 140,000 active viewers, and a combined 103 Million hours watched." 

"These are numbers that far exceed any other game on that platform. The problem is only going to get worse as Fortnite grows in popularity." 

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.