On September 27, the insanely popular Fortnite officially launched Season 6, introducing a slew of map changes as well as new additions like pets and Shadow Stones. As with previous seasons, Fortnite Season 6 will offer players a Battle Pass for 950 V-Bucks. The new Battle Pass features 100 levels to climb and over 100 new rewards for unlocking. With all those glittering new skins and other items out there for the winning, it’s only natural that some players would look for shortcuts, giving scammers a perfect opportunity. And already, hackers are targeting Fortnite gamers though YouTube links that promise to pay out in V-bucks, cheats and aimbots, but which steal gamers’ information and even their Bitcoin.
Hackers Exploit Fortnite Season 6 Frenzy To Steal Gamers’ Bitcoin
Seasoned Fortnite veterans are probably aware of the innumerable scams targeting the game’s players. Most of the time, these scams bring users to websites to fill out surveys for rewards that never arrive or downloads that never finish. But a new breed of malicious attack is taking things to an entirely different level. And all credit goes to the people at Malwarebytes for catching it and getting the word out to gamers. For some, however, the news came too late.
Hackers laid the bait for their scam on YouTube, a favorite source for Fortnite fans looking for links to free downloads, cheats, wallhacks and other in-game goodies. Malwarebytes sifted through several of these videos. Many hardly had any views at all before YouTube mods flagged them as scams or deceptive and took them down. Some, however, got as many as 120,000 views before YouTube could pull them. Several are still up, gathering more views every minute.
Within the video comments are links that take gamers to what are essentially website faucets. Users fill out a survey or answer questions to receive a promised reward or cheat. But one scam Malwarebytes found added a little twist. Clicking on the link in the video brought the scam’s marks to a Sub2Unlock page, asking visitors to subscribe to be able to download the cheat reward.
Fortnite Scam Tricks Users Into Downloading Bitcoin Stealer
Clicking the download button brought gamers to a Fortnite portal offering a bunch of cheat tools. The game portal itself looks relatively legitimate, even according to the pros at Malwarebytes. But as users continue clicking, they end up on generic-looking download sites loaded with ads and links. The download link gamers will want to click on to get their cheat, however, actually downloads a malicious data stealer file. At the time of its writing, Malwarebytes said more than 1,200 people had downloaded the file and likely executed it.
In its analysis of the malicious file, Malwarebytes reports that it contains code flagged as a Trojan.Malpack. Further investigation revealed that the actual exploit is a data stealer. As soon as a user runs the target .EXE file, it steals sensitive data off the device and enumerates active Bitcoin wallets. Enumeration allows a hacker to obtain someone’s private key and take their Bitcoin. Then, a POST command sends the data in an index.php file to an IP address registered in the Russian Federation. Malwarebytes says the stealer attempts to send info on browsing history, cookies, Steam sessions and Bitcoin wallets.
Exploits like these are common and far from new. But Fortnite, ironically, seems to have gamers’ guard down. Adding insult to injury, a readme file accompanying the data stealer invites users to buy even more (fake) Fortnite cheats for $80 worth of Bitcoin.
Cryptocurrency investors have been hit with some pretty serious hacks this year. In many of them, attackers made off with hundreds of millions of dollars in cryptocurrency assets. Rather than targeting exchanges and wallets directly, however, Fortnite scammers are getting people hungry for the win to compromise their data and give up their Bitcoin. Gamers and crypto traders: be on the alert.