With 250 million registered gamers, Fortnite is nothing short of a global gaming phenomenon. It’s also a prime target for criminals looking to profit from the competitive nature of Fortnite players. The latest security warning to be issued concerns one malicious Fortnite hack that promises to help you win but goes on to deliver data loss instead.
What is known about this malicious Fortnite hack?
Researchers at cloud security specialists Cyren have uncovered a Fortnite gaming hack, supposedly an aimbot cheat tool to give players an edge when disposing of opponents, that is really ransomware in disguise. Known as “Syrk” and with a filename of “SydneyFortniteHacks.exe,” the real aim of this hack is to cheat you out of your money.
Describing the ransomware, Maharlito Aquino and Kervin Alintanahin from Cyren warned that “we expect it to possibly be distributed via an upload to a sharing site and the link posted in Fortnite users in forums.”
The deception of the cybercriminals behind Syrk doesn’t end with disguising the malware as a game cheating hack; they have also disguised older ransomware known as Hidden-Cry as a new threat.
This, as it happens, is potentially good news, because Hidden-Cry is already well known and the source code for the ransomware has been widely shared online. More on why that could be a good thing in a moment, but first let’s look at how Syrk works.
How does this Fortnite ransomware work?
If you download the supposed aimbot game hack, what you get is a large 12MB executable with several files embedded within. Once you run your aimbot download, it will start to do a number of things, none of them welcome. These include connecting to a command-and-control server and using a Windows registry tweak to disable Windows Defender and User Account Control. Some Windows resources that could stymie Syrk’s progress, including the Task Manager, are monitored closely.
Then things get nasty, with Syrk setting off on a mission to encrypt files including images, videos, documents, music and archives. If successful, files of all these types are encrypted and given a .syrk file extension.
A message is displayed to the victim demanding that an unspecified ransom be paid, with an email contact given for instructions on how to do this. That warning states that if the payment isn’t made before the displayed two-hour countdown timer reaches zero, then files in the photo folder will be deleted, followed by the desktop and document folders.
Should you pay the Fortnite hack ransom?
As mentioned previously, there is some potential good news in that the source code of the Hidden-Cry ransomware behind the Syrk facade has already been widely distributed online. “We believe it is possible for victims to recover deleted files,” the Cyren researchers stated, “given the simple method used to delete the files.” Those researchers have also suggested two possible methods that can be used to decrypt your files without paying a ransom for the decryption password.
These include the somewhat farcical revelation that the cybercriminals have embedded the decrypting tool in the malware download itself. That file, dh35s3h8d69s3b1k.exe, can be “used to create a PowerShell script based on the shared source of the Hidden-Cry decrypter,” according to Cyren.
The second method is equally facepalm-worthy: the malware drops the files containing the ransomware decryption password onto your machine. Helpfully, it also includes a file that will delete all the malicious files it installed.
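For anyone triaging a machine after the fact, the indicators named above (the .syrk extension and the two executable names) are enough for a read-only scan. The following is an added example, not code from Cyren or from the malware; the folder names in the sample are constructed, and it assumes .syrk is appended to the original file name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text; nothing else is assumed about Syrk.
ENCRYPTED_EXT = ".syrk"
NAMED_EXECUTABLES = {"sydneyfortnitehacks.exe", "dh35s3h8d69s3b1k.exe"}

def triage(root):
    """Walk root and report Syrk indicators without modifying anything."""
    encrypted_by_dir = Counter()   # directory -> number of .syrk files
    original_types = Counter()     # extension the file had before encryption
    executables = []               # paths of the two executables named above
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()   # Windows file names are case-insensitive
            if lower in NAMED_EXECUTABLES:
                executables.append(str(Path(dirpath) / name))
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted_by_dir[dirpath] += 1
                # Assumption: "photo.jpg.syrk" keeps ".jpg" before the suffix
                stem = Path(lower[:-len(ENCRYPTED_EXT)])
                original_types[stem.suffix or "(none)"] += 1
    return {
        "encrypted_total": sum(encrypted_by_dir.values()),
        "encrypted_by_dir": dict(encrypted_by_dir),
        "original_types": dict(original_types),
        "executables": sorted(executables),
    }

def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    sample = ["Pictures/holiday.jpg.SYRK", "Pictures/cat.png.syrk",
              "Documents/cv.docx.syrk", "Documents/notes.txt",
              "Downloads/SydneyFortniteHacks.exe"]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in sample:
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample, not malware")
        report = triage(tmp)
        # Strip the temp prefix so the result is stable across runs
        report["encrypted_by_dir"] = {os.path.relpath(d, tmp): n
                                      for d, n in report["encrypted_by_dir"].items()}
        report["executables"] = [os.path.relpath(e, tmp) for e in report["executables"]]
        return report

if __name__ == "__main__":
    print(demo())
```

The per-folder counts show how far encryption got, and the original-extension tally shows which kinds of files need restoring from backup.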
How to avoid being a victim of this malicious Fortnite hack
There is a really, really simple way to mitigate the risk of downloading this, or any other, malware posing as a Fortnite hack: Do. Not. Cheat.
Fortnite security issues refuse to go away
Fortnite has been in the news, for the wrong reasons, quite a lot this year already. You may have read about how users of one cracking forum managed to hack a rival cracking group and publish a database of more than 350,000 messages online earlier this month, for example. Amongst the messages exposed were several discussing the sale of “freshly cracked Fortnite accounts with skins,” as well as advice for changing the email of those cracked accounts.
Also earlier in August, it was reported that malware called Baldr was distributed in Fortnite cheat hacks that were linked to in YouTube gaming videos. Baldr is a gaming site login credential stealer that is just as happy stealing your credit card data.
On July 25, the infamous Fortnite player and Twitch streamer known as Ninja had his Instagram account with 14.1 million followers compromised. An image was posted promoting a “1000s of iPhone Xs” scam. The account was recovered very quickly, but the incident serves as a reminder of the value of the big names in gaming to the criminal fraternity.