Hidden malware in Fortnite cheating app shells gamers with barrage of ads
Gamers who recently downloaded a Fortnite cheating app in order to gain an unfair advantage over fellow players found they had a hard time surviving a barrage of malicious ads that followed.
Andrew Sampson, CEO of the game streaming app Rainway, revealed the scam in a July 2 Medium blog post, noting that the malicious app was downloaded 78,000 times by the time his team reported the issue to the file host and had the app removed from its platform.
Rainway first became aware of the problem on June 26, when the company began receiving an unusual number of error reports — over 381,000 of them before the problem was ultimately resolved. The errors were caused by repeated attempts to call various ad platforms via some form of adware.
The company found that in each case, the affected user had played Fortnite. Deducing that the players may have downloaded a malicious cheating app, the Rainway team investigated various apps available for download and eventually found one that reached out to URLs that showed up on the company’s error reports.
The offending app in this case claimed to allow players to generate free V-Bucks — the currency used in Fortnite — and also use an aimbot, which lets gamers shoot enemies without having to aim their weapon. But behind the scenes, the adware would install root certificates on infected devices and route all web traffic through a proxy in order to pull off a man-in-the-middle attack.
Sampson said that in response to the discovery, Rainway alerted infected users and also enabled certificate pinning to mitigate MITM attacks. Also, “in the future, we will alert users when we detect any foreign activity that we think could be a sign of an infection,” he added in the blog post.
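The sketch below is an added example, not Rainway's code. It shows why pinning still rejects an intercepting proxy after a rogue root certificate has been installed: chain validation trusts whatever is in the local root store, while the pin check accepts only the certificate the client shipped with. The article does not say what Rainway pins, so pinning the leaf certificate's SHA-256 fingerprint is an assumption here, as are the host name `api.example.test`, the function names and the constructed byte strings standing in for DER certificates.

```python
import hashlib
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded leaf certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pins) -> bool:
    """True only if the presented leaf is one the client shipped a pin for."""
    return fingerprint(der_cert) in {p.lower() for p in pins}


def open_pinned(host: str, pins, port: int = 443, timeout: float = 10.0):
    """Connect with normal chain and hostname validation, then enforce the pin.

    A rogue root in the local trust store lets a proxy-minted certificate pass
    wrap_socket(); the pin comparison afterwards is what rejects it.
    """
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pins):
        tls.close()
        raise ssl.SSLError(f"pin mismatch for {host}: possible interception")
    return tls


# Constructed stand-ins for DER bytes (not real certificates): the genuine
# server leaf, and a leaf minted for the same name by a locally installed root.
GENUINE_LEAF = b"constructed-der:CN=api.example.test,issuer=Public CA"
PROXY_LEAF = b"constructed-der:CN=api.example.test,issuer=Rogue Local Root"

# Pins are shipped inside the client; a second entry would be a backup
# certificate so that a planned rotation does not lock clients out.
PINS = {fingerprint(GENUINE_LEAF)}
```

A pin mismatch on a host that normally matches is also a useful signal to report back, since it indicates interception on that device.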
Developed by Epic Games and People Can Fly, the open-world survival game Fortnite is among the world’s most popular video games today, so it is not surprising that bad actors are finding ways to spread adware through cheating apps for this runaway hit.
Source | scmagazine