MALWARE ALERT: Don’t Download The Latest Fortnite Aimbot

I’m terrible at Fortnite — so much so that even using some kind of aimbot or other hack to “improve” my matches would probably only make me as decent as a regular Fortnite player. Still, I won’t be trying out any Fortnite hacks I find online, especially the latest “SydneyFortniteHacks.exe,” because it’s more likely to damage your system than your battle royale competitors.

According to a Wednesday post from Cyren researchers, a new Fortnite aimbot is making the rounds — one that promises to give players a perfect way to shoot their peers and a way to see where all players are on the map at any given time.

Were this true, you’d undoubtedly risk being banned from Epic’s servers for cheating, but you’re not even going to get that far because the aimbot in question is actually malware in disguise. As Cyren describes:

“We’ve taken a deep dive into the sample reported by Leo to understand how it works, with the step-by-step analysis laid out below, and perhaps most interestingly can report (spoiler alert!) that this Syrk ransomware is in fact Hidden-Cry with a .Syrk extension. The source code for Hidden-Cry is readily available, having been shared on GitHub at the end of last year.

One principal feature of the Hidden-Cry ransomware, as seen in the instructions shown, is the sense of urgency it creates in the victim by deleting files every two hours. However, we believe it is possible for victims to recover deleted files, given the simple method used to delete the files.”

Said malware — really, ransomware — performs a number of unpleasant tasks when you run it: it disables Windows Defender/Security and UAC, hides a file on your system that looks for a bunch of files to encrypt, drops the malware in your Startup folder so it’s always running when you boot your machine, and sets up a timed deletion of encrypted files in your Pictures, Desktop and Documents folders.

Oh, and it’ll also infect any USB drives you have connected, too.

If you’ve foolishly installed this aimbot and find yourself butting heads against this pesky ransomware, Cyren notes that regaining access to your files is pretty easy:

“…the main malware also drops the file where you can find the password. It drops the following files:

C:\Users\Default\AppData\Local\Microsoft\-i+.txt -> file containing the randomly generated ID

C:\Users\Default\AppData\Local\Microsoft\-pw+.txt -> file containing the password

C:\Users\Default\AppData\Local\Microsoft\+dp-.txt -> file contains ID and password. This will be sent to an email address.”

Decrypt the files, and a special delete.exe program will run to remove the ransomware from your system. At that point, though, I’d probably trust your virus and malware scanner more than the ransomware itself. Make sure your apps are updated, reboot into Safe Mode, and run full scans of your system using both apps.
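To check a machine for the artifacts Cyren lists, here is a small triage script, added as an example (it is not from Cyren or the original article). It looks for the three dropped files and for `.Syrk` files in the Pictures, Desktop and Documents folders; the function name `syrk_triage` and the report keys are assumptions made for this example.

```python
import os
from pathlib import Path

# Drop folder and file names as quoted from Cyren in the article.
DROP_DIR = Path("Users/Default/AppData/Local/Microsoft")
DROPPED = {
    "id": "-i+.txt",
    "password": "-pw+.txt",
    "id_and_password": "+dp-.txt",
}
# Folders the article names as subject to the timed deletion.
USER_FOLDERS = ("Pictures", "Desktop", "Documents")


def syrk_triage(drive_root, user_profile):
    """Return Syrk artifacts found under drive_root and user_profile."""
    drive_root, user_profile = Path(drive_root), Path(user_profile)
    dropped = {}
    for label, name in DROPPED.items():
        path = drive_root / DROP_DIR / name
        if path.is_file():
            dropped[label] = path
    encrypted = []
    for folder in USER_FOLDERS:
        base = user_profile / folder
        if not base.is_dir():
            continue
        # Match the extension case-insensitively, including in subfolders.
        encrypted += [p for p in base.rglob("*")
                      if p.is_file() and p.suffix.lower() == ".syrk"]
    return {
        "dropped": dropped,
        "encrypted": sorted(encrypted),
        # True when a file that Cyren says holds the password is still on disk.
        "password_file_present": bool({"password", "id_and_password"} & set(dropped)),
        "infected": bool(dropped or encrypted),
    }


if __name__ == "__main__":
    report = syrk_triage(os.environ.get("SystemDrive", "C:") + "\\", Path.home())
    for label, path in report["dropped"].items():
        print(f"dropped file ({label}): {path}")
    print(f"{len(report['encrypted'])} .Syrk file(s) found")
    print("password file present:", report["password_file_present"])
```

If the script reports a password file, copy it somewhere safe before running any cleanup or full scan.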

Also, stop downloading and installing Fortnite hacks. The risks aren’t worth the meager rewards (no matter how many chicken dinners you win.)


