Fortnite is an extremely popular multi-player battle royale game that goes without saying. The game’s popularity can perhaps be measured by the recent data from research firm SensorTower that Fortnite has collected $300 million since it was launched for the iOS platform, and $20 million of that coming in just the first week of this month. At the same time, the newest season for Fortnite, called Season 6, is here as well. However, it is perhaps expected that such a popular game would be in the sights of anyone with malicious intent.
According to online security firm MalwareBytes, there is a Bitcoin-stealing malware, as well as other data-stealing malware, that is waiting to target unsuspecting gamers. It is believed that the malware is being distributed via links on YouTube videos that offer games some add-ons. “First, we sifted through a sizable mish-mash of free season six passes, supposedly “free” Android versions of Fortnite, which were leaked out from under the developer’s noses, the ever-popular blast of “free V-Bucks” used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots,” says Malwarebytes in an official statement.
The researchers have found that the malware is disguised as a harmless file that enables for free game bonuses, including “V-Bucks” as well as cheats like aim-bots. The Malwarebytes research has identified the file as a Trojan. Malpack. Once downloaded, the malware works silently in the background and collects as well as transfers data from your Bitcoin wallets, web browser session information, cookies and login tokens as well as Steam gaming sessions.
Malwarebytes says that the videos distributing this malicious file have been viewed as many as 120000 times before it was flagged enough to be taken down. One can only wonder how many unsuspecting gamers downloaded the file in the hope to get some assistance in the game and ended up compromising their data instead.
Fortnite is available for Android, iOS, Sony PlayStation 4, Nintendo Switch, Microsoft Xbox One, Apple macOS and Microsoft Windows.
This isn’t the first time this popular multi-player battle royale game is facing security struggles. After the much-publicized bypassing of the Google Play Store when the Fortnite game arrived on Android in August, Google revealed how the very first installation file shared by Epic Games for the Fortnite game installation on Android phones (these files have the .apk extension), allowed hackers to basically push any malicious app to the devices. The Android device user would certainly not know about any malicious background activities or apps running under the disguise of the Fortnite installer.
That led to a war of words. Google shared this security update with Epic Games on 15 August, and that is when the game developer acknowledged the issue and got down to fixing it, on 16 August. They then asked Google something no Android user would probably want to hear— “We would like to request the full 90 days before disclosing this issue so our users have time to patch their devices.” On 24 August, Google responded with, “Now the patched version of Fortnite Installer has been available for 7 days we will proceed to unrestrict this issue in line with Google’s standard disclosure practices.”