Web-based game-streaming platform Rainway reports that on June 26 it began receiving hundreds of thousands of error reports — over 381,000 in fact. The company’s engineering team dug through the logs trying to find the source of the problem. As they sorted through the mess, they discovered that the errors were coming from all sorts of users with different hardware and ISPs. The only thing they seemed to have in common was that they all played Fortnite.
It appeared that some form of malware was attempting to call various ad platforms through the Rainway servers. Since the company whitelists URLs internally, the calls were generating errors and had “the unintended side effect of shining a light on a much broader issue.” It also provided engineers with a URL that they later used to identify the source of the malware.
Sifting through thousands of YouTube videos on Fortnite hacks, and subsequently hundreds of cheat programs, the team finally found a hack that used the URL that kept turning up in its logs. The software claimed to provide the player with an aimbot and a way to generate free V-Bucks (Fortnite’s in-game currency).
It was a pretty clever ploy by the malware makers — a way to quickly kill your opponents and get free money in the process would be hard for a cheater to resist. Indeed, the program had already been downloaded 78,000 times by the time Rainway found it.
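However, instead of providing a cheat, the hack set up a man-in-the-middle attack. When run, the software immediately installed a root certificate on the computer, then configured Windows to proxy all traffic through itself. With its own root certificate trusted by the system, such a proxy can decrypt and rewrite HTTPS pages without triggering browser certificate warnings.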
“The adware then began altering the pages of all web request to add in tags for Adtelligent,” said Rainway.
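A defender's check for the two changes described above (a newly trusted root certificate and a Windows proxy setting), as an added example that is not from Rainway or the original article. The loopback-proxy test, the 90-day window and the private-key heuristic are assumptions; the article does not say which certificate store or proxy address the adware used.

```powershell
# Added example: audit the current user's proxy settings and trusted roots.
# Heuristics and thresholds below are assumptions, not details from the article.
param([int]$RecentDays = 90)

# 1. WinINET proxy settings (used by browsers and most desktop applications).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s = Get-ItemProperty -Path $inet
$enabled = [bool]$s.ProxyEnable
$proxy = [pscustomobject]@{
    ProxyEnabled  = $enabled
    ProxyServer   = $s.ProxyServer
    AutoConfigURL = $s.AutoConfigURL
    # A proxy on loopback means a local process sees all proxied traffic.
    LoopbackProxy = $enabled -and
        ($s.ProxyServer -match '(^|[=;/])(127\.0\.0\.1|localhost|\[::1\])(:|$)')
}

# 2. Trusted root certificates. The CurrentUser view can include machine roots,
#    so "user-only" means the thumbprint is absent from LocalMachine\Root.
$machineRoots  = @(Get-ChildItem Cert:\LocalMachine\Root)
$machineThumbs = $machineRoots.Thumbprint
$userOnlyRoots = @(Get-ChildItem Cert:\CurrentUser\Root |
    Where-Object { $_.Thumbprint -notin $machineThumbs })
$cutoff = (Get-Date).AddDays(-$RecentDays)

$flagged = foreach ($c in @($machineRoots) + @($userOnlyRoots)) {
    $userOnly = $c.Thumbprint -notin $machineThumbs
    $recent   = $c.NotBefore -gt $cutoff      # validity began recently
    $hasKey   = $c.HasPrivateKey              # signing key stored on this PC
    if ($userOnly -or $recent -or $hasKey) {
        [pscustomobject]@{
            Scope      = if ($userOnly) { 'CurrentUser' } else { 'LocalMachine' }
            Subject    = $c.Subject
            Thumbprint = $c.Thumbprint
            NotBefore  = $c.NotBefore
            Reasons    = (@('user-only')[!$userOnly], @('recent')[!$recent],
                          @('private-key')[!$hasKey] | Where-Object { $_ }) -join ','
        }
    }
}

$proxy   | Format-List
$flagged | Sort-Object NotBefore -Descending | Format-Table -AutoSize -Wrap
```

Flagged entries are leads to review rather than verdicts: corporate TLS inspection, antivirus HTTPS scanning and debugging proxies also add trusted roots and proxy settings.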
Rainway informed the company hosting the malware and it was immediately removed. It also notified all infected Rainway users of the malware and warned everyone not to download random programs — something that should go without saying.
"Sometimes the allure of cheating is powerful, and a strong presence is needed to help push people in the right direction," the company said.
It also feels Epic should put forth an effort to have YouTube videos advertising these hacks taken down. The fake aimbot/V-Bucks malware that it dealt with was just one out of hundreds of cheat programs that it found via YouTube.
It is unfortunate that Rainway was affected by this outbreak, but it is hard to have sympathy for the cheaters who, in my opinion, got what they deserved.