Fortnite Aimbot Cheat is in Fact a Crypto-Stealing Ransomware

A new ransomware that pretends to be an “aim bot” for the popular game Fortnite, locks up and then deletes its victim’s files if a ransom is not paid in cryptocurrency, cloud security specialists at Cyren have uncovered.

The ransomware, named Syrk, pretends to be a cheating tool for the game, but when unsuspecting gamers run the application, it starts to encrypt the files on their hard drive and USB drives. After that, gamers are met with a message which warns them that if they do not pay a ransom in crypto, their files will be deleted one after the other, with a two hour window.

Having around 250 million registered accounts, Fortnite is one of the most popular games in the world. The recent Fortnite World Cup had a prize pool of $30 million, and the game has seen an online audience of more than two million viewers, but it seems that this popularity has brought the attention of hackers, especially with some gamers always looking for shortcuts. Chris Morales, head of security analytics at Vectra, said:


“Combining game malware with ransomware was inevitable. Social engineering through online video games has been going on for some time. It is a large audience to target and an industry that is known to look for shortcuts. Malware posing as a hack tool is novel as it will not be validated by any app store and bypasses the normal security controls. This makes encrypting files using a game hack highly opportunistic and easy to execute.”

Luckily for Fortnite gamers, the source code behind Syrk is the Hidden-Cry ransomware, which has already been made readily available as it was shared on Github at the end of last year. Researchers at Cyren have already found, and published, two methods that can be used to decrypt affected files without paying the crypto ransom for the decryption password.