“First, we sifted through a sizable mish-mash of free season six passes, supposedly “free” Android versions of Fortnite, which were leaked out from under the developer’s noses, the ever-popular blast of “free V-Bucks” used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots.”
The team detected a suspicious file called Trojan.Malpack.
It appears able to steal Bitcoin wallet data, cookies, Steam sessions, and browser session information.
The company also said that after the initial .EXE, which weighs about 168KB, runs on the target system, it performs a basic enumeration of details specific to the infected system.
After this, it will attempt to send information via a “POST command to an /index.php file in the Russian Federation, courtesy of the IP address 5(dot)101(dot)78(dot)169.”
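A defender can hunt for the reported exfiltration step in web proxy logs. The following is an added example, not code from Malwarebytes or the original article: it refangs the indicator quoted above and flags requests to that host, separating POSTs to /index.php from other contact. The log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# Indicator as printed in the article (defanged) and the path it reports.
DEFANGED_C2 = "5(dot)101(dot)78(dot)169"
C2_PATH = "/index.php"

def refang(indicator):
    """Undo '(dot)' / '[.]' defanging and validate the result as an IP."""
    ip = re.sub(r"\s*[(\[]\s*(?:dot|\.)\s*[)\]]\s*", ".", indicator, flags=re.I)
    return str(ip_address(ip))  # ValueError if the result is not an address

# Assumed proxy log layout: "<timestamp> <client> <method> <url> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) "
    r"https?://(?P<host>[^/:\s]+)(?::\d+)?(?P<path>/[^\s?#]*)?\S* (?P<status>\d{3})$"
)

def find_c2_contacts(lines, c2_ip, path=C2_PATH):
    """Return (timestamp, client, severity) for every request to c2_ip.

    'exfil' = POST to the reported path; 'contact' = any other request.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["host"] != c2_ip:
            continue  # unparseable line or unrelated destination
        is_exfil = m["method"] == "POST" and (m["path"] or "/").lower() == path
        hits.append((m["ts"], m["client"], "exfil" if is_exfil else "contact"))
    return hits

C2_IP = refang(DEFANGED_C2)

# Constructed sample log lines (not real traffic); client addresses are made up.
SAMPLE_LOG = [
    "2024-01-01T18:04:11Z 10.0.4.23 GET https://example.com/cheats/setup.exe 200",
    f"2024-01-01T18:04:52Z 10.0.4.23 POST http://{C2_IP}/index.php 200",
    "2024-01-01T18:05:10Z 10.0.4.31 POST http://203.0.113.7/index.php 404",
    f"2024-01-01T18:06:40Z 10.0.4.40 GET http://{C2_IP}/ 200",
    "not a log line",
]

if __name__ == "__main__":
    for ts, client, severity in find_c2_contacts(SAMPLE_LOG, C2_IP):
        print(f"{severity:8} {client} at {ts}")
```

A client that shows an "exfil" hit should be treated as having run the dropper, so credentials, wallet keys and browser or Steam sessions on that machine need to be rotated or revoked.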
Hackers used a survey
It seems that scammers have been using a survey to steer players to a portal that claimed to offer cheat tools.
Expert Christopher Boyd said it had quite a decent chance of convincing users, especially younger ones, of its legitimacy. After that, victims were led to a download site.
Besides the download file, hackers also provided a readme file that came with an offer to snag more Fortnite cheats for $80 in Bitcoin.
Some of the videos that were deploying malicious code were able to gather 120,000 visits before YouTube suspended the content for spam violations.
We recommend that you read the complete report issued by Malwarebytes Labs here.