Threat Management, Malware

Hidden malware in Fortnite cheating app shells gamers with barrage of ads

Gamers who recently downloaded a Fortnite cheating app in order to gain an unfair advantage over fellow players found they had a hard time surviving a barrage of malicious ads that followed.

Andrew Sampson, CEO of the game streaming app Rainway, revealed the scam in a July 2 Medium blog post, noting that the malicious app was downloaded 78,000 times by the time his team reported the issue to the file host and had the app removed from its platform.

Rainway first became aware of the problem on June 26, when the company began receiving an unusual number of error reports -- over 381,000 of them before the problem was ultimately resolved. The errors were caused by repeated attempts to call various ad platforms via some form of adware.

The company found that in each case, the affected user had played Fortnite. Deducing that the players may have downloaded a malicious cheating app, the Rainway team investigated various apps available for download and eventually found one that reached out to URLs that showed up on the company's error reports.

The offending app in this case claimed to allow players to generate free V-Bucks -- the currency used in Fortnite -- and also use an aimbot, which lets gamers shoot enemies without having to aim their weapon. But behind the scenes, the adware would install root certificates on infected devices and route all web traffic through a proxy in order to pull off a man-in-the-middle attack.

Sampson said that in response to the discovery, Railway alerted infected users and also enabled certificate pinning to mitigate MITM attacks. Also, “in the future, we will alert users when we detect any foreign activity that we think could be a sign of an infection," he added in the blog post.

Developed by Epic Games and People Can Fly, the open-world survival game Fortnite is among the world's most popular video games today, so it is not surprising that bad actors are finding ways to spread adware through cheating apps for this runaway hit.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.