Unofficial downloadable cheats for Fortnite have been found to contain malware. It’s proving pretty tricky for Epic Games to solve the cheatware problem
Fortnite has won the fight to become the biggest battle royale game but it has one huge problem: cheats. It’s a breeze to download software that claims to rig the game in your favour. Want to automatically aim better? Surefire victory is only a couple of clicks away. Except, of course, it isn’t.
A cheat installed by users thousands of times, which was meant to give both in-game currency and an ‘aimbot’ to make shots more accurate, actually contained malware. The goal of the scammers? To make money. The code, discovered by game-streaming service Rainway, allowed a man-in-the-middle attack to direct web traffic through a web ads service, making the cheat’s creator money.
After noticing an unusual quantity of error reports from its tracker, Rainway found the common link was the users playing, or more specifically cheating, at Fortnite. Instead of getting ahead, those who used the cheat instead found themselves infected with adware, a fairly common fate for hack downloaders, and proof that cheaters never prosper.
It’s up to anti-cheat providers to protect games from those who seek to break them open. Bastian Suter, the CEO and lead developer of BattlEye, a service that aims to protect both Fortniteand its main rival, PlayerUnknown’s Battlegrounds, as well as many other online enabled titles, runs one of these providers. He explains that this kind of cheat is common, that is, the cheat that doesn’t actually function as a cheat, but is simply just disguised malware. “There simply isn’t much public stuff for [Battleye] games out there.” The ones which do work are usually shared only in private groups, making it hard for anti-cheat companies to get a hold of them.
The source of these downloads, Suter says, often lead back to one country in particular. “China is one of biggest challenges for us currently. The hacking market in China is huge. Hackers there update pretty much all the time and so it’s a constant battle against them. As a result, the issue cannot be completely solved, however this also pushes us to constantly improve.” In February 2016, malware was discovered in add-ons for the online card game Hearthstone.
According to Rainway CEO Andrew Sampson, by the time the company notified the file host of the most recent Fortnitemalware, the cheat had already been downloaded over 78,000 times. This is not surprising, given how easy it is to find these cheats online, and that this example, like many others, doesn’t cost money to use. They’re just a simple Google search away.
Rainway also says Fortnite creators Epic Games should be more diligent in preventing cheating by moderating the YouTube videos which show off the cheats and help promote their usage, therefore reducing the number of potential cheating players. Previously, fake Fornite downloads for Android that also contained malware were being advertised on YouTube.
Epic itself would likely disagree, and this is certainly supported by last year’s story about it suing a 14-year-old player who streamed himself playing Fortnite with cheats. In a statement to The Verge, it said: “Epic is not okay with ongoing cheating or copyright infringement from anyone at any age. As stated previously, we take cheating seriously, and we’ll pursue all available options to make sure our games are fun, fair, and competitive for players.”
For Suter, these ads are not much of a concern. “It’s very hard to find any working hacks just by using Google. I guess it’s unfortunate but quite ironic if people looking for cheats actually end up downloading malware.”
On the other side, cybersecurity companies deal with the malware itself. Candid Wueest, a senior principle threat researcher for Symantec, encounters this kind of issue a lot. “You can’t download cheats from a trusted source, most [cheaters] rely on forums where they have read about them, or they just google for a cheat. That is a starting point for ending up on the wrong side of the internet. So you will end up on pages where you download something that is not verified, and therefore the chances of it having malware is really high.”
Sometimes these cheats end up being blocked by security software because they are very similar to normal malware. However a lot of the time, Wueest says, the cheats are left alone for the game publishers and anti-cheat providers to deal with.
This kind of scheme stretches beyond gaming too of course, he continues. “You can find the same if you look for free streaming of movies or music. We’ve seen the same for key generators (software which will fake licenses for programme suites like Microsoft Office or Adobe Creative Suite); where most of them have malware in it.”