Popular video game Fortnite’s new season is here, and with it begins a season of malware scams for cybercriminals. Unsurprisingly, Malwarebytes Labs has reported that scammers are trying their best to come up with a fake version of the game to con users.
However, their current attempts cannot be termed a mere con this time around, because they are looking to steal data and bitcoin from unsuspecting users, and this is only one of their many objectives.
According to a new report from Malwarebytes Labs, new data-theft malware is in the wild, targeting Fortnite gamers by disguising itself as a cheat tool and attempting to steal data once activated. There are multiple demos available that explain how the cheat tool attempts to attack users.
In one of the videos, Christopher Boyd of Malwarebytes identified scammers trying to redirect Fortnite cheaters to a webpage on Sub2Unlock; this page connects the visitor to a YouTube channel, where the cheat tool can be purchased by subscribing.
When the victim subscribes, the channel redirects to the download portal bt-fortnite-cheats(dot)tk, where the victim can download the cheat software. The cheat software has reportedly been downloaded over 1,200 times. The portal promises Fortnite users a full range of useful services, such as many bogus cheats, aimbots, and wallhacks.
Hidden underneath all of them is data-stealing malware, which is downloaded as the cheat tool. After the .EXE file is executed, it performs a number of enumeration steps on the infected computer and sends the data via a POST request to an index.php file in Russia at the IP address 5(dot)101(dot)78(dot)169.
Researchers at Malwarebytes were able to discover the campaign by scanning a substantial number of free passes for season six of Fortnite, which were actually free Android versions of the game. Apparently, the game was leaked and scammers were marketing it with “free V-bucks” loaded with additional content for the game.
Boyd also states that the malware scans for Steam sessions, Bitcoin wallets, and cookies to be raided and exfiltrated to the attackers. The YouTube channel has garnered over 700 subscribers so far, while the video received more than 2,200 views on the very first day.
Malwarebytes has detected the cheat file as Trojan.Malpack, and notes that the malware is unlike other malicious software because it can distribute multiple malicious tools and each of the malware payloads has a different data exfiltration capability.
However, all of them work in the same manner: invading the victim’s computer and exploiting its resources as per a pre-set list. The malware then uses a custom method of transferring the stolen data to the scammers. Since Fortnite players are the main target of this campaign, you are advised not to fall prey to the scammers’ bait by downloading malware in the belief that it is a cheat tool.
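For defenders, the download portal and the POST to index.php described above can be hunted for in web proxy logs. The following is an added example, not code from Malwarebytes or the original article; the log format, client addresses, timestamps and URL paths are constructed assumptions, and the two indicators are taken from the article in their defanged form.

```python
from urllib.parse import urlsplit

# Indicators as the article prints them (defanged); refanged only in memory.
PORTAL = "bt-fortnite-cheats(dot)tk".replace("(dot)", ".")
EXFIL_IP = "5(dot)101(dot)78(dot)169".replace("(dot)", ".")

# Constructed sample proxy log. Assumed format: "<time> <client> <METHOD> <URL>".
SAMPLE_LOG = [
    f"2000-01-01T18:01:11Z 10.0.0.21 GET http://{PORTAL}/",
    f"2000-01-01T18:03:40Z 10.0.0.21 POST http://{EXFIL_IP}/index.php",
    f"2000-01-01T18:05:02Z 10.0.0.34 GET http://{PORTAL}/download",
    "2000-01-01T18:06:00Z 10.0.0.50 POST http://203.0.113.9/index.php",
    "truncated line",
]

def classify(method, url):
    """Return the indicator a single request matches, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == PORTAL or host.endswith("." + PORTAL):
        return "portal_visit"
    if host == EXFIL_IP:
        # The article describes a POST to an index.php file on this address.
        if method.upper() == "POST" and parts.path.lower().endswith("/index.php"):
            return "exfil_post"
        return "exfil_host_contact"
    return None

def triage(lines):
    """Map each client to the strongest verdict its requests support."""
    rank = {"portal_visit": 1, "exfil_host_contact": 2, "exfil_post": 3}
    verdict = {1: "visited_portal", 2: "contacted_exfil_host", 3: "likely_infected"}
    best = {}
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed or truncated entries
        _, client, method, url = fields
        hit = classify(method, url)
        if hit:
            best[client] = max(best.get(client, 0), rank[hit])
    return {client: verdict[score] for client, score in best.items()}

if __name__ == "__main__":
    for client, result in sorted(triage(SAMPLE_LOG).items()):
        print(client, result)
```

A client that only visited the portal may not have run the file, while one that also issued the POST should be treated as having had Steam sessions, cookies and wallet data exposed.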