Don’t Download the Latest Fortnite Aimbot – It’s Malware
I’m terrible at Fortnite – so much so that even using some targeting bot or other hack to “improve” my matches would probably make me as worthy as a regular Fortnite player. However, I will not try any Fortnite hacks I find on the Internet, especially the latest “SydneyFortniteHacks.exe,” because it is more likely to damage your system than your Battle Royale competitors.
According to the researchers Cyren , published on Tuesday in the course is a new sight-bot Fortnite – one that promises to give players the perfect way to shoot their way to peers and see where all the players are on the map at any time. If that were true, you would no doubt run the risk of being banned from Epic’s servers for cheating, but you won’t even get that far because the aimbot in question is actually malware in disguise. As Siren describes:
“We dived deep into the sample Leo reported to understand how it works, with the step-by-step analysis outlined below, and perhaps most interestingly, we can report (spoiler alert!) That this Syrk ransomware is actually is Hidden-Cry with the .Syrk extension. The source code for Hidden-Cry is readily available since it was posted on Github late last year.
One of the main features of Hidden-Cry ransomware is that, as you can see from the instructions shown, it gives the victim the sense of urgency it creates by deleting files every two hours. However, we believe that victims can recover deleted files given the simple method used to delete files. “
Said malware – actually ransomware – performs a number of annoying tasks when launched, including disabling Windows Defender / Security and UAC; hiding a file on your system that is looking for a bunch of files to encrypt; removal of malware in the Startup folder so that it always works when the computer boots; and configure the deletion of encrypted files in time in the “Pictures”, “Desktop” and “Documents” folders.
Yes, and it will infect any connected USB drives as well.
If you foolishly installed this targeting bot and encountered this annoying ransomware, Siren notes that it is quite easy to restore access to your files:
“… the main malware also dumps the file where the password can be found. Removes the following files:
C: \ Users \ Default \ AppData \ Local \ Microsoft \ -i + .txt -> file containing a randomly generated identifier
C: \ Users \ Default \ AppData \ Local \ Microsoft \ -pw + .txt -> file containing password
C: \ Users \ Default \ AppData \ Local \ Microsoft \ + dp-.txt -> file contains ID and password. This will be sent to the email address. “
Decrypt the files, and a special program delete.exe will be launched to remove the ransomware from your system. However, at this point, I would probably trust your virus and malware scanner more than the ransomware itself. Make sure your apps are up to date, reboot into safe mode and do a full scan of your system with both apps.
Also stop downloading and installing Fortnite hacks. The risks aren’t worth the meager rewards (no matter how many chicken dinners you win).