With 250 million registered players, Fortnite is nothing short of a global gaming phenomenon. It is also a prime target for criminals looking to cash in on the competitive nature of Fortnite players. The latest security warning to be issued concerns a malicious Fortnite hack that promises to help you win, but instead leads to data loss.
What is known about this malicious Fortnite hack?
Researchers at cloud security specialists Cyren have discovered a Fortnite game hack, purportedly an aimbot cheat tool to give players an advantage by taking out opponents, which is actually ransomware in disguise. Known as “Syrk” and with a file name of “SydneyFortniteHacks.exe”, the real goal of this hack is to scam you out of your money.
Describing the ransomware, Maharlito Aquino and Kervin Alintanahin of Cyren warned that “we expect it to possibly be distributed via upload to a sharing site and link posted on Fortnite user forums.”
The deception of the cybercriminals behind Syrk does not end by disguising the malware as a game cheat; they have also disguised old ransomware known as Hidden-Cry as a new threat.
This, as it happens, is potentially good news, because Hidden-Cry is already well known and the source code of the ransomware has been widely shared online. More on why that might be a good thing in a bit, but first let’s look at how Syrk works.
How does this Fortnite ransomware work?
If you download the so-called aimbot game hack, what you get is a huge 12MB executable with various files embedded. Once you run your aimbot download, it will start doing a number of things, none of them welcome. These include connecting to a command and control server and using a Windows registry tweak to disable Windows Defender and User Account Control. Some Windows resources that could hinder Syrk’s progress are closely monitored, including Task Manager.
Then things turn ugly, and Syrk embarks on a mission to encrypt files including images, videos, documents, music, and archives. If successful, all file types are encrypted and given a .syrk file extension.
A message is displayed to the victim demanding that an unspecified ransom be paid, with an email contact provided for instructions on how to do so. That warning states that if the payment isn’t made before the two-hour countdown timer reaches zero, the files in the Photos folder will be deleted, followed by the Desktop and Documents folders.
Should you pay the Fortnite hack ransom?
As mentioned above, there is some potential good news in that the Hidden-Cry ransomware source code behind the Syrk façade has already been widely distributed online. “We believe it is possible for victims to recover deleted files,” the Cyren researchers said, “given the simple method used to delete the files.” Those researchers have also suggested two possible methods that can be used to decrypt your files without paying a ransom for the decryption password.
These include the somewhat ridiculous revelation that cybercriminals have embedded the decryption tool in the malware download. That file, dh35s3h8d69s3b1k.exe, can be “used to create a PowerShell script based on the shared source of the Hidden-Cry decryptor,” according to Cyren.
The second method is equally facepalm-worthy: the malware places files containing the ransomware’s decryption password on your machine. Fortunately, it also includes a file that will remove all the malicious files it installed.
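A read-only triage sketch for the behaviour described above, added here as an example and not taken from Cyren's analysis or the article: it walks a user profile, counts files carrying the .syrk extension per top-level folder, flags the two executables the article names, and lists affected folders in the deletion order the ransom note threatens. The folder names follow the article's wording; the sample tree and function names are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the article text only.
ENCRYPTED_EXT = ".syrk"
NAMED_FILES = {"sydneyfortnitehacks.exe", "dh35s3h8d69s3b1k.exe"}
# Folders the ransom note threatens to delete, in the order the article gives.
DELETION_ORDER = ["Photos", "Desktop", "Documents"]


def triage(root):
    """Walk root and summarise Syrk traces without opening or changing files."""
    root = Path(root)
    encrypted = Counter()  # top-level folder -> number of *.syrk files
    named = []             # paths of executables named in the article
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        rel = Path(dirpath).relative_to(root)
        top = rel.parts[0] if rel.parts else "."
        for name in filenames:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower in NAMED_FILES:
                named.append(str(Path(dirpath) / name))
            if lower.endswith(ENCRYPTED_EXT):
                encrypted[top] += 1
    # Affected folders that sit on the threatened deletion list, in that order,
    # so they can be imaged or backed up first.
    at_risk = [f for f in DELETION_ORDER if encrypted.get(f)]
    return {"encrypted": dict(encrypted), "named": sorted(named), "at_risk": at_risk}


def build_sample(base):
    """Constructed sample profile tree: empty files with illustrative names."""
    layout = ["Photos/a.jpg.syrk", "Photos/b.png.SYRK", "Documents/cv.docx.syrk",
              "Desktop/notes.txt", "Downloads/SydneyFortniteHacks.exe",
              "Music/song.mp3.syrk"]
    for rel in layout:
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample(tmp)))
```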
How to avoid being a victim of this malicious Fortnite hack
There is a very, very simple way to mitigate the risk of downloading this or any other malware masquerading as a Fortnite hack: don't do it. No cheating.
Fortnite security issues refuse to go away
Fortnite has been in the news, for the wrong reasons, quite a bit this year. You may have read about how users on a cracking forum managed to hack a rival cracking pool and publish a database of more than 350,000 messages online earlier this month, for example. Among the exposed messages were several that discussed the sale of “freshly hacked Fortnite accounts with skins” as well as advice on changing the email of those hacked accounts.
Also in early August, it was reported that malware called Baldr was distributed in Fortnite cheats that were linked in YouTube gameplay videos. Baldr is a credential stealer for gaming site logins that is just as happy to steal credit card details.
On July 25, the infamous Fortnite player and Twitch streamer known as Ninja had his Instagram account, with 14.1 million followers, compromised. An image was posted promoting a “thousands of iPhone X” scam. The account was recovered very quickly, however, but it serves as a reminder of the value of the big names in the game to the criminal fraternity.