Epic Games’ Fortnite has taken the world by storm, and the PC version’s customizable nature leaves the door wide open for opportunistic scammers. With an increase in searches for A surge in YouTube videos offering up cheat codes, hacks and free “V-bucks” (the currency with which Fortniters can cosmetically enhance their character’s appearance) has led overzealous Fortniters to click links and download software containing potentially dangerous malware. The competitive nature of the game leads Fortnite gamers to try anything to gain the upper hand, and in turn to make hasty decisions when it comes to downloading content from a third party. These links to external sources may look similar to this, which may or may not also be a scam:
While this type of behavior is not new, one particular piece of malware that has been discovered is anything but minor: it actually scrapes data from your PC. According to research published by malwarebytes.com, these links take unsuspecting users to generic-looking download sites where the file can be officially downloaded. The files, which promise hacks and cheats, actually contain Trojan files (Trojan.Malpack) which, as the name “Trojan” implies, contain data that is not what the downloader is expecting. Once the .exe file is loaded and run on the victim’s computer, it begins to scrape for data, such as logins and patterns (specific key words). As mentioned in Malwarebytes Labs’ study, some of the items this malicious data scraper searches for include Steam login info, cookies, and Bitcoin wallets, specifically Electrum. (This is why we at Coin Ninja would like to remind you to NEVER store info like seed/recovery words digitally and to always use a secure password to access your Bitcoin wallets.) Once this data has been gathered, the malware attempts to send it to a Russian IP address associated with similarly themed files.
The blame for this does not fall squarely on the user, as it is YouTube’s responsibility to weed out any ill-intentioned links. Moreover, Epic Games chooses not to make Fortnite available to Android users via the Google Play Store, which uses a vetting system to prevent Trojan malware such as this. According to one of Coin Ninja’s own Android developers, Jeff Jones:
“Their (Epic Games) choice to circumvent Android’s Google Play Store to not pay the 30% fee per transaction is exposing their customers to unnecessary risk. While there’s always a risk involved, not using a vetted source inevitably increases those risk factors.”
For the full details of the malware discovered and how it was recognized, please check out the attributed article here. Please take care, especially when it comes to personal information on your computer, and even more so when it comes to exposable data related to your Bitcoin and the wallets in which it is held. Download responsibly, everyone.