Crypto thieves are preying on Fortnite gamers with malicious malware designed to steal data and Bitcoin. The scam targets victims through YouTube, by promoting links to malicious files that promise to unlock game cheats, free season passes and hacks.
According to Malwarebytes Labs, which detected the scam,
“First, we sifted through a sizable mish-mash of free season six passes, supposedly “free” Android versions of Fortnite, which were leaked out from under the developer’s noses, the ever-popular blast of “free V-Bucks” used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots.”
The team then detected a suspicious file, called a Trojan.Malpack, that can swipe Bitcoin wallet data, Steam sessions, browser session information and cookies.
“Once the initial .EXE (which weighs in at just 168KB) runs on the target system, it performs some basic enumeration on details specific to the infected computer. It then attempts to send data via a POST command to an /index.php file in the Russian Federation, courtesy of the IP address 5(dot)101(dot)78(dot)169.”
Scammers used a survey to navigate players to a portal that claimed to offer cheat tools. Researcher Christopher Boyd characterized it as having a decent chance of convincing youngsters of its legitimacy. From there, victims were led to a download site.
In addition to the download, the tricksters provided a readme file with an offer to snag more Fortnite cheats for $80 in Bitcoin.
Some of the videos deploying malicious code racked up over 120,000 visits before YouTube suspended the content for spam violations.