
July 3, 2018

Game stream service found adware plaguing over 78,000 ‘Fortnite’ players

by John_A

Game streaming service Rainway recently discovered adware plaguing over 78,000 Fortnite players. Rainway is a game streaming client installed on your PC that will stream your games to other devices using an internet connection. The platform itself includes a tracker that records error reports for the engineering team. To their surprise, hundreds of thousands of these reports began appearing on June 26, raising a red flag.

“Not feeling very excited to see such an influx of events on a Tuesday, the engineering team was a bit flustered, after all, we hadn’t released any updates to that particular piece of our solution,” says Rainway CEO Andrew Sampson. “It became pretty clear soon after that this new flood of errors was not caused by something we did, but by something someone was trying to do.”

After examining the reports, the team noticed calls to various advertisement platforms. Given that Rainway doesn’t include ads, they dug deeper and discovered that JavaScript was attempting to grab advertisements but couldn’t, because the platform whitelists only specific web addresses. The resulting JavaScript errors are what alerted the Rainway team.
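As an added example (not Rainway's code), one way to triage error reports like those described above is to pull the blocked URL out of each report, drop hosts on the allowlist, and count distinct clients per remaining host. The report fields, host names and threshold are constructed for illustration.

```javascript
// Hosts the client is expected to contact (hypothetical allowlist).
const ALLOWED_HOSTS = new Set(["api.example-stream.test", "cdn.example-stream.test"]);

// Constructed sample reports, shaped like events from a client-side error tracker.
const SAMPLE_REPORTS = [
  { clientId: "c1", message: "Refused to load https://ads.example-adnet.test/tag.js" },
  { clientId: "c1", message: "Refused to load https://ads.example-adnet.test/tag.js" },
  { clientId: "c2", message: "Refused to load https://ads.example-adnet.test/tag.js?k=1" },
  { clientId: "c3", message: "Refused to load https://ADS.example-adnet.test/tag.js" },
  { clientId: "c2", message: "Refused to load http://video.example-adserver.test/vast" },
  { clientId: "c3", message: "Refused to load http://video.example-adserver.test/vast" },
  { clientId: "c4", message: "Timeout fetching https://cdn.example-stream.test/app.js" },
  { clientId: "c4", message: "TypeError: undefined is not a function" },
  { clientId: "c5", message: "Refused to load https://one.example-other.test/x.js" },
];

// Return the lowercased hostname of the first URL in an error message, or null.
function extractHost(message) {
  const m = message.match(/https?:\/\/[^\s"']+/);
  if (!m) return null;
  try {
    return new URL(m[0]).hostname.toLowerCase();
  } catch {
    return null; // malformed URL in the report
  }
}

// Group off-allowlist hosts by the number of distinct clients reporting them.
// Counting clients instead of raw events separates one noisy install from
// the same foreign script showing up across many unrelated machines.
function triage(reports, allowed, minClients) {
  const byHost = new Map(); // host -> Set of clientIds
  for (const r of reports) {
    const host = extractHost(r.message);
    if (!host || allowed.has(host)) continue;
    if (!byHost.has(host)) byHost.set(host, new Set());
    byHost.get(host).add(r.clientId);
  }
  return [...byHost.entries()]
    .map(([host, clients]) => ({ host, clients: clients.size }))
    .filter((e) => e.clients >= minClients)
    .sort((a, b) => b.clients - a.clients || a.host.localeCompare(b.host));
}

console.log(triage(SAMPLE_REPORTS, ALLOWED_HOSTS, 2));
```
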

A further examination confirmed that the problem had nothing to do with the Rainway platform itself. That pushed the team to seek out a common factor. Since customers have different hardware configurations and internet service providers, the only common factor in the error reports was Fortnite. More specifically, a Fortnite hack.

The beauty of PC games is that many can be modified. The dark side of this benefit is that hackers will take advantage of gamers wanting cheats, cool weapons, and armor. The team jumped on YouTube, looked at which Fortnite hacks were available for download and who was offering them, and installed “hundreds.” Most were malicious, but the team was looking for one specific hack.

Ultimately, they struck gold. The offending hack promised free V-Bucks (the in-game currency) and an auto-aim component. The team created a virtual machine, installed the hack, and watched the adware route all internet traffic through itself. The result was a man-in-the-middle attack that generated web page requests containing tags for Adtelligent.

Sampson says Fortnite players downloaded the fake mod more than 78,000 times before it was pulled by the file host due to Rainway’s report. The team also contacted video ad serving platform SpringServe to identify the “abusive creatives” and Adtelligent to report the ad-based keys linked to the internet addresses.

“We’ve also put out an alert to all infected users and increased our security by enabling certificate pinning, helping mitigate any future MiTM attacks,” Sampson says. “In the future, we will alert users when we detect any foreign activity that we think could be a sign of an infection.”

Ultimately, Rainway received 381,000 reports stemming from the malicious Fortnite mod.

As Sampson points out, if something you download seems too good to be true, you may end up reformatting your PC. Mods are great for PC gaming, but only through controlled platforms that examine the legitimacy and safety of these user-created modifications. Not everyone has good intentions.
