It has been discovered that Fortnite gamers are suffering from a new malware attack that is concealed within the game. Malwarebytes issues the report which found scammers had found a way to release the malware within “cheat tools” that offered “season passes”, which were deemed “free” for Android users. Commenting on the news and offering insight is Tyler Reguly, Manager of Software Development at Tripwire.
Tyler Reguly, Manager of Software Development at Tripwire:
“Based on the Malwarebytes Labs’ blog post, this malware targeting Fortnite gamers looks for personal information including browser sessions and cookies. This could potentially spell trouble for enterprises that have end users gaming and downloading gaming related software (or, in this case, disguised gaming related software) onto their corporate owned systems When you work from a computer, there’s a fine line between personal data and corporate data. It is unlikely, however, that the system administrators most at risk from this will actually care as it takes a certain level of operational laziness in order to allow employees to game on corporate systems. Popular forms of entertainment are frequently targeted for malware campaigns. It was only last week that we saw news from BestVPN.com and Kaspersky Lab that over 250,000 infection attempts were seen on nearly 60,000 computers against viewers trying to pirate Game of Thrones and The Walking Dead. Fortnite is the gaming equivalent of those TV shows in terms of popularity. Just one year ago, 2.8% of Twitch.tv viewers were tuning in to watch others play Fortnite, that number is now 12.8% making it the most watched game on Twitch.TV with an average of nearly 10,000 active channels, 140,000 active viewers, and a combined 103 Million hours watched. These are numbers that far exceed any other game on that platform.
This problem is only going to get worse as Fortnite grows in popularity. While my generation was defined by a console (The Nintendo Generation), Fortnite, at least at the moment, stands alone. Just last Friday, I saw two teenagers leaving a theatre performance discussing jumping into the middle of traffic while it was raining to do the Fortnite Dance Challenge. I’ve seen friends post on Facebook that they now pay their kids allowance in V-Bucks, the in-game currency of Fortnite. We’re all aware of the fact that parents are hiring Fortnite tutors for their kids and, recently, the Vancouver Canucks, an NHL team, banned Fortnight (all video games but this one was called out) for away game trips to avoid distraction. When something becomes this pervasive, it is only natural that it will be targeted by threat actors looking to compromise systems. This is a situation where we need to pump the brakes and look at what we’re doing. System Administrators need to ensure their systems aren’t used as gaming platforms, parents need to ensure their children are fighting an addiction, and everyone playing the game needs to be more vigilant as they endeavour to be the best. Just as there are health risks associated with performance-enhancing drugs in sports, there are health risks for your computer associated with (allegedly) performance enhancing apps.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.