A supposed cheat for the massively popular video game Fortnite turns out to be malware designed to steal Bitcoin wallet login details.
That’s according to Malwarebytes Labs, which reported finding the malicious program on Oct. 2.
An investigation by the Califonia-based cybersecurity firm followed a trail from one of many dubious videos posted on YouTube that led to a “little slice of data theft malware disguised as a cheat tool,” it said.
The YouTube account propagating the file via a URL in the description has over 700 subscribers, according to the report, while the video had been viewed over 2,200 times.
Once clicked, the link takes the visitor/potential victim to a page asking them to subscribe to the YouTube account, after which they are allowed to download the fake tool.
“As far as the malicious file in question goes, at time of writing, 1,207 downloads had taken place. That’s 1,207 downloads too many.”
The team found that the malware was designed to steal data from users’ PCs ranging from browser autocomplete text to Steam sessions, and ultimately sends the ill-gotten info to an I.P. address in the Russian Federation.
Of concern to cryptocurrency users, it also looks for data linked to Bitcoin wallets – with one image provided in the report that shows the malware specifically seeks out data related to the Electrum wallet.
While the malware itself likely isn’t new, the firm warns that it can still be damaging to those that install it.
“Combining it with the current fever for new Fortnite content is a recipe for stolen data and a lot of cleanup required afterward,” the firm says.
Fortnite image via Shutterstock