Players of the ultra-popular video game Fortnite may soon add a disappointment dance to their repertoire as they are increasingly targeted by malware aimed at their Bitcoin.
Researchers at the anti-virus and anti-malware company Malwarebytes say they have found malware targeting victims’ crypto holdings hidden in “free” versions of the latest (season six) edition one of the world’s most popular video games:
“First, we sifted through a sizable mish-mash of free season six passes, supposedly “free” Android versions of Fortnite, which were leaked out from under the developer’s noses, the ever-popular blast of ‘free V-Bucks’ used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots.”
Among all this detritus, the researchers say, the malware is being deployed through, “the typical surveys…via a daisy chain of clickthroughs and (eventually) some malware as a parting gift.”
According to Malwarebytes, first, Fortnite video gaming content (often gaming advice) is posted on YouTube, where particularly interested viewers can then click on a link that delivers them to an innocent seeming survey.
But unlike a typical survey that simply deploys questions, the malware rabbit-hole survey connects the user to a social-media site, perhaps to give an additional air of legitimacy.
From there, “gamers are whisked away to a site located at bt-fortnite-cheats(dot)tk,” where targets are promised access to a series of Fortnite cheat tools that then entice them towards a series of potentially malicious downloads.
1207 of infected dirty downloads have already occurred, says Malwarebytes, “… 1207 downloads too many.
This malware file in particular was detected by the security firm as a Trojan.Malpack. “A little digging showed us the payload is a data stealer,” they write.
Once installed, the file, “…attempts to send data via a POST command to an /index.php file in the Russian Federation, courtesy of the IP address 5(dot)101(dot)78(dot)169,” an IP address, “seen many times in relation to similarly named/themed files.”
According to the researchers:
“While this particular file probably isn’t that new, it’s still going to do a fair bit of damage to anyone that runs in. Combining it with the current fever for new Fortnite content is a recipe for stolen data and a lot of cleanup required afterward.”
A fair amount of malware has traditionally targeted people illegally downloading content, and this video-game malware similarly seeks to cheats cheaters, attempting, one supposes, to immorally impart a moral lesson upon precocious Bitcoiner tweens and a few young-at-hearts seeking a virtual shortcut to Fortnite glory.