***Please move to gaming I need to leave asap sorry***

Tens of thousands of Fortnite players have been infected by malware that hijacks encrypted Web sessions so it can inject fraudulent ads into every website a user visits, an executive with a game-streaming service said Monday.

Rainway CEO Andrew Sampson said in a blog post that company engineers first detected the mass infections last week when server logs reported hundreds of thousands of errors. The engineers soon discovered that the errors were the result of ads that somehow were injected into user traffic. Rainway uses a technique known as whitelisting that permits customers to connect only to approved URLs. The addresses hosting the fraudulent addresses—hosted on the adtelligent.com and springserve.com domains—along with unauthorized JavaScript that accompanied them made it clear the traffic was generated by malware infecting a large number of game players using the Rainway service. Rainway is a cloud-based service that lets people play PC games remotely, similar to PlayStation Now.

“As the errors kept flowing in, we took a glance at what these users had in common,” Sampson wrote. “They didn’t share any hardware, their ISPs were different, and all of their systems were up to date. However, one thing did stand out—they played Fortnite.”

Root certificate installed

Suspecting the malware was spread by one of the countless Fortnite cheating hacks available online that promise to give users an unfair advantage over other players, Rainway researchers downloaded hundreds of the hacks and scoured them for references to the rogue URLs. The researchers eventually found one Sampson declined to name that promised to allow users to generate free in-game currency called V-Bucks. It also promised users access to an “aimbot,” which automatically aims the character’s gun at opponents without any need for precision by the player. When the researchers ran the app in a virtual machine, they discovered that it installed a self-signed root certificate that could perform a man-in-the-middle attack on every encrypted website the user visited.

Sampson wrote: “Now, the adware began altering the pages of all Web requests to add in tags for Adtelligent and voila, we’ve found the source of the problem—now what?”

Rainway researchers reported the rogue malware to the unnamed service provider that hosted it. The service provider removed the malware and reported that it had been downloaded 78,000 times. In all, the malware generated 381,000 errors in Rainway’s logs. The researchers also reported the abuse to Adtelligent and Springserve. Adtelligent, Sampson said, didn’t respond, but Springserve helped to identify the abusive ads and remove them from its platform. Adtelligent officials didn’t immediately respond to a message seeking comment for this post. Officials from Epic Games, the maker Fortnite, declined to comment.

Sampson also said that Rainway implemented a defense known as certificate pinning. Certificate pinning binds a specific certificate to a given domain name in order to prevent browsers from trusting fraudulent TLS certificates that are self-signed by an attacker or misissued by a browser-trusted authority. While the adoption of certificate pinning is a good defense-in-depth move, it unfortunately would do nothing to protect users against root certificates installed to perform man-in-the-middle attacks, as Google researchers have warned for years. That means the malware has the ability to read, intercept, or tamper with the traffic of any HTTPS-protected site on the Internet.

The rash of infections is the latest cautionary tale about the risks of installing shady software provided by unknown sources. People who suspect they have been infected should install antivirus protection from a name-brand provider and thoroughly scan their systems ASAP.

Promoted Comments

elerek Smack-Fu Master, in training
jump to post
ziegler wrote:
show nested quotes



More to the point....

They didnt discover the cheating.
They only discovered someone fucking with their cash flow.

Edit to add: Even MORE to the point..... Not only did they not discover the cheating, nothing in the article says they did a single thing or even gave a single fuck about the cheating once discovered.



Epic Games isn't the one who found out about the cheating, Rainway is. Rainway doesn't run fortnite and can't do anything about the cheating themselves, nor is it their job to. Also, they don't make money off of fortnite (directly at least).

Epic Games might move to do something, but they don't have any comments in this article.

Edit to add: The only cash flow interrupted by anything mentioned in the article is the cash flow of the maker of the cheat software because their ads are being blocked by Rainway (only for the fortnite players with the cheat software who are also using rainway).