Advertisement

That 'Fortnite' cheating app is probably hiding malware

If it sounds too good to be true, it probably is.

Malware writers and scammers love to exploit demand for popular games to ensnare unwitting victims, and that's truer than ever for a near-ubiquitous game like Fortnite. Rainway has discovered malicious Windows adware hiding in a cheat that promised both an aimbot and free in-game V-Bucks. Install it and it immediately alters Windows to serve its own rogue ads, creating a man-in-the-middle attack (with Rainway as an unwitting participant) by loading its own root certificate and routing all internet traffic through a proxy.

Rainway said it had largely thwarted the attack by having the adware's host remove the offending file, and remove the creators from at least one ad platform. Unfortunately, that may have come too late for some people. The file host recorded 78,000 downloads, and Rainway received 381,000 reports. A significant number of Fortnite players took the bait, then.

This isn't the only malware using Fortnite as a ploy. We've seen numerous instances of attackers promising a download for the Android version (which isn't ready yet) to compromise the phones of over-eager players. However, it does illustrate a number of problems. Rainway suggests that Epic could do more to teach users about its anti-cheating system and the potential risks of using these programs. It also pins some of the problem on YouTube -- it's all too easy to find YouTube videos promoting malware masquerading as a Fortnite download (I've seen examples myself). And no matter what, it underscores the importance of caution whenever you're downloading game content that doesn't come from the developer.