Tuesday, June 18, 2024

78,000 Fortnite Game Players Infected With Adware While Downloading Fortnite V-Bucks Hack

The Fortnite game has more than 125 million total players and it is one of the most famous games on the planet.

Web-based game-streaming platform Rainway noticed the issue on June 26th as thousands of users getting error reports triggered in their tracker.

Rainway said, “for security and privacy reasons we’ve always allow only whitelisted URLs and we should not have any ads.”

To their surprise, one after another user start’s getting infected, so the researchers opted to find which is common for all.

As a part of the investigation, they headed to youtube to find popular Fortnite Game hacks and they tested with hundred’s of software that claims to support the players. These videos are common for any popular game.

The Rainway team at last identified hack claiming that users will get both the V-Bucks and use an aimbot.

How the Hack Occurs – Fortnite Game

When users install the promised fake Fortnite Game hacking app it immediately installs a root certificate and routes the web traffic through itself, which leads to Man in the Middle Attack.

MITM attack is a type of cyber attack where the attacker intercepts communication between two parties. Here is a perfect example of Mitm attack.

Then Adware starts altering all the pages by adding advertisement companies ad tag Adtelligent and voila.

“We began by sending an abuse report to the file host, and the download was removed promptly, this was after accumulating over 78,000 downloads.” reads Rainway blog post.

Rainway alerted all the infected users and enabled certificate pinning to mitigate such Mitm attacks in future.

Recently a fake android malware posing as Fortnite Game with capabilities of spyware, cryptocurrency miner targeted Android users.

Common Defences and Mitigations

  • Give careful consideration to the permission asked for by applications.
  • Download applications from trusted sources.
  • Stay up with the latest version.
  • Encrypt your devices.
  • Make frequent backups of important data.
  • Install anti-malware on their devices.
  • Stay strict with CIA Cycle.

Also Read

Maikspy – A Spyware Attack on Windows & Android Users via Adult Games

Several Malware Games Downloaded by 4,500,000 Android Users From Google Play Store

Malicious Code in Kids Game Apps on Google Play Pushing Porn Ads – More than 60 Game Apps Infected


Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles