More than 78,000 'Fortnite' players found to be infected with malware through malicious tools



It has been reported that players of the popular battle royale game "Fortnite" who used malicious tools were infected with malware. Once installed on a Windows PC, the malware intercepts encrypted HTTPS traffic and displays fraudulent advertisements on the websites the user is viewing.

How We Discovered a Virus Infecting Tens of Thousands of Fortnite Players
https://blog.rainway.io/how-we-discovered-a-virus-infecting-tens-of-thousands-of-fortnite-players-e5dd6fe1ff55


"Fortnite" is a popular free-to-play battle royale game available on PC, PlayStation 4, Nintendo Switch, and smartphones. In June 2018, the number of players exceeded 125 million, and the maximum monthly revenue exceeded 300 million dollars (about 33 billion yen).



"Rainway", whose beta version was released in January 2018, is an application that lets users play PC games on various devices such as PlayStation 4, Xbox One, Nintendo Switch, and smartphones.



Early in the morning of June 26, 2018, Andrew Sampson, CEO of the company that operates Rainway, noticed that the server was receiving an abnormal volume of error reports, more than 380,000. Investigation found evidence that some users' Rainway applications were trying to connect to various advertising platforms. Because Rainway loads content only from registered domains, requests to advertising-related servers were automatically refused, and an error was generated each time on those users' Rainway clients.
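How allowlist errors can surface this kind of injection, as an added example that is not Rainway's code: it groups blocked-request reports by client and flags clients whose refused requests went to several hosts outside the allowlist. The report schema, domain names and threshold are assumptions, and the sample reports are constructed.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: domains the application is allowed to load content from.
ALLOWED = {"app.example", "cdn.app.example"}

# Constructed sample reports, one JSON object per line (hypothetical schema).
SAMPLE_REPORTS = """\
{"client": "u1", "blocked_url": "https://ads.adnet-one.example/banner.js"}
{"client": "u1", "blocked_url": "https://track.adnet-two.example/p?id=7"}
{"client": "u1", "blocked_url": "https://ads.adnet-one.example/frame.html"}
{"client": "u2", "blocked_url": "https://cdn.app.example.evil.example/x.js"}
{"client": "u3", "blocked_url": "https://CDN.app.example/lib.js"}
{"client": "u4", "blocked_url": "not a url"}
"""

def host_of(url):
    """Return the lowercased hostname, or None if the URL has none."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def is_allowed(host):
    """Exact match, or a subdomain matched on a label boundary (not a bare suffix)."""
    return any(host == d or host.endswith("." + d) for d in ALLOWED)

def suspicious_clients(report_lines, min_hosts=2):
    """Map client -> sorted off-allowlist hosts, for clients with >= min_hosts distinct ones."""
    seen = defaultdict(set)
    for line in report_lines.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed report: skip rather than abort the whole batch
        host = host_of(rec.get("blocked_url", ""))
        if host and not is_allowed(host):
            seen[rec.get("client", "unknown")].add(host)
    return {c: sorted(h) for c, h in seen.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for client, hosts in suspicious_clients(SAMPLE_REPORTS).items():
        print(client, hosts)
```

A client that repeatedly requests several unrelated off-allowlist hosts is a candidate for local traffic tampering and can be notified, which is the kind of follow-up the article describes.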



Further investigation also showed that all Rainway users infected with the malware were playing "Fortnite", and that the infected users had installed a "Fortnite" cheat tool. A cheat tool is an illicit program that badly upsets the balance of the game, for example by improperly increasing in-game currency or assisting sniping accuracy. Searching YouTube and Twitter turns up a mountain of videos advertising such cheat tools, and when Rainway staff tried installing such a tool, the presence of malware was confirmed.



The malware that infects a PC when the cheat tool is installed adds a root certificate to the infected PC. It then configures all of the PC's web traffic to pass through a proxy and carries out a man-in-the-middle attack. Specifically, it displays pre-configured fraudulent advertisements on the websites the user is browsing.



The Rainway team notified the company hosting the malware-laden cheat tool and sent a warning to all Rainway users suspected of being infected. The malware was reportedly removed promptly and can no longer be downloaded, but it had already been downloaded more than 78,000 times.

Rainway is urging gamers never to use the dubious hack tools and cheat tools found on YouTube and Twitter.

in Game,   Security, Posted by log1i_yk