Malwarebytes Labs recently discovered malware in one of the many Fortnite game hacks that enumerate victims’ Bitcoin wallets.
The California-based IT security firm found the malware after sifting through many fake Fortnite hacks that asked users to complete surveys or download suspicious files. That process led them to Trojan.Malpack. The trojan reportedly steals users’ data and locates their Bitcoin wallets after tricking them into downloading a package containing a malicious Windows executable.
“Once the initial(dot)EXE, [the malicious file], runs on the target system, it performs some basic enumeration on details specific to the infected computer. It then attempts to send data via a POST command to an /index.php file in the Russian Federation, courtesy of the IP address 5(dot)101(dot)78(dot)169,” researchers found. “Some of the most notable things it takes an interest in are browser session information, cookies, Bitcoin wallets, and also Steam sessions.”
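As an added defender-side illustration, not part of the Malwarebytes report or this article, the following Python scans proxy log lines for the behaviour quoted above: a POST to /index.php on the listed IP, plus a looser heuristic for POSTs to /index.php on any bare-IP host. The log format and the sample lines are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Indicators taken from the Malwarebytes quote above, written in routable form.
MALPACK_C2_IP = "5.101.78.169"
MALPACK_C2_PATH = "/index.php"

# Constructed sample proxy log: "timestamp client method url status" (assumed format).
SAMPLE_PROXY_LOG = """\
2018-10-03T10:11:02Z 10.0.0.12 GET http://www.epicgames.com/fortnite/ 200
2018-10-03T10:12:44Z 10.0.0.12 POST http://5.101.78.169/index.php 200
2018-10-03T10:13:01Z 10.0.0.17 POST http://203.0.113.9/index.php 200
2018-10-03T10:13:30Z 10.0.0.17 GET http://5.101.78.169/index.php 404
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
URL_RE = re.compile(r"^https?://([^/:]+)(?::\d+)?(/[^?]*)?")
BARE_IP_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


@dataclass
class Hit:
    client: str
    url: str
    reason: str


def classify(method: str, url: str):
    """Return a reason string if the request matches the Malpack exfil pattern, else None."""
    m = URL_RE.match(url)
    if not m or method != "POST":
        return None
    host, path = m.group(1), m.group(2) or "/"
    if host == MALPACK_C2_IP and path == MALPACK_C2_PATH:
        return "exact Malpack C2 indicator"
    if BARE_IP_RE.fullmatch(host) and path == MALPACK_C2_PATH:
        return "suspicious: POST to /index.php on bare-IP host"
    return None


def scan_proxy_log(text: str):
    """Parse each log line and collect requests that match the exfil pattern."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        _ts, client, method, url, _status = m.groups()
        reason = classify(method, url)
        if reason:
            hits.append(Hit(client, url, reason))
    return hits
```

The second heuristic will also flag benign POSTs to bare-IP hosts, so treat it as a triage lead rather than a verdict.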
Malware Located among YouTube Videos
Fortnite players looking to bypass the game’s paywall often end up on ‘how-to-hack-Fortnite’ forums available all across the web, including YouTube. Malwarebytes Labs subscribed to many of these channels for its investigation and found bogus hacking tips and tricks offering everything from free season six passes to free V-Bucks, Fortnite’s in-game currency for buying additional content.
“Offering up a malicious file under the pretense of a cheat is as old school as it gets, but that’s never stopped cybercriminals before. In this scenario, would-be cheaters suffer a taste of their own medicine via a daisy chain of clickthroughs and (eventually) some malware as a parting gift,” Malwarebytes wrote.
Any Bitcoin Stolen?
The Malwarebytes investigation does not report any Bitcoin stolen (yet). But the report does sound unsure about the extent to which Trojan.Malpack has affected its victims to date. The trojan generally opens a backdoor to other infections by crippling the system firewall. It can do so because Malpack makes unauthorized changes without the administrator’s knowledge.
The trojan is also notorious for snooping on victims’ private activities, which could lead to irreversible damage as far as Bitcoin is concerned. For instance, cybercriminals can steal login credentials for the Bitcoin wallet client, take private keys stored on it, modify browser settings to further their attack, and so on. Such attempts have been made in the past, too, and Reddit is full of such stories.