Fortnite cheaters got pwned by malware posing as an aimbot

Software found on YouTube claimed to help players cheat, but actually made them victims of a MITM attack

By Cal Jeffrey July 3, 2018, 14:42

Fortnite cheaters got pwned by malware posing as an aimbot

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

What just happened? Cheaters tend to run rampant in online games, especially ultra-popular titles like PUBG and Fortnite. These unscrupulous losers are worse than an annoyance as they tend to drive legitimate players away from the game. That's why nobody is going to feel too bad that thousands of Fortnite cheaters have been infected with malware.

Web-based game-streaming platform Rainway reports that on June 26 it began receiving hundreds of thousands of error reports --- over 381,000 in fact. The company's engineering team dug through the logs trying to find the source of the problem. As they sorted through the mess, they discovered that the errors were coming from all sorts of users with different hardware and ISPs. The only thing they seemed to have in common was that they all played Fortnite.

It appeared that some form of malware was attempting to call various ad platforms through the Rainway servers. Since the company whitelists URLs internally, the calls were generating errors and had "the unintended side effect of shining a light on a much broader issue." It also provide engineers with a URL that they later used to identify the source of the malware.

Sifting through thousands of YouTube videos on Fortnite hacks, and subsequently hundreds of cheat programs, the team finally found a hack that used the URL that kept turning up in its logs. The software claimed to provide the player with an aimbot and a way to generate free V-Bucks (Fortnite's in-game currency).

"Sometimes the allure of cheating is powerful, and a strong presence is needed to help push people in the right direction."

It was a pretty clever ploy by the malware makers --- a way to quickly kill your opponents and get free money in the process would be hard for a cheater to resist. Indeed, the program had already been downloaded 78,000 times by the time Rainway found it.

However, instead of a cheat the hack set up a man in the middle attack. Upon running, the software immediately installs a root certificate on the computer. It then orders Windows to proxy all traffic through itself.

"The adware then began altering the pages of all web request to add in tags for Adtelligent," said Rainway.

Rainway informed the company hosting the malware and it was immediately removed. It also notified all infected Rainway users of the malware and warned everyone not to download random programs --- something that should go without saying.

The company also notes that Epic could do a better job of letting its players know that cheating has severe consequences that go beyond banning and suspensions.

"Sometimes the allure of cheating is powerful, and a strong presence is needed to help push people in the right direction," the company said.

It also feels Epic should put forth an effort to have YouTube videos advertising these hacks taken down. The fake aimbot/V-Bucks malware that it dealt with was just one out of hundreds of cheat programs that it found via YouTube.

It is unfortunate that Rainway was affected by this outbreak, but it is hard to have sympathy for the cheaters who in my opinion got what they deserved.

6 comments 74 likes and shares

Tech Jobs: Find the next step in your career

Related Stories

Featured on TechSpot