Fortnite players and Steam subscribers take note. Gamers have reported ransomware and account take-overs after receiving an offer to download a game cheat or a free game. Constantly looking for a winning edge, some gamers will input cheat codes or download hacks that can be found across the internet from often questionable websites.
In this case according to Cyren.com, a cloud internet security company, Fortnite forum users are being lured into downloading ransomware with a .Srk extension that “promises to give players an edge in aiming accurately (an aimbot) and knowing the locations of other players (ESP, in the gamer parlance)”. Once downloaded, the file will insert ransomware on to the player’s computer and encrypt all files, followed by an ominous message stating that the user’s files will remain encrypted until they pay the hacker to receive an access code to retrieve their files. Often the hacker will threaten to delete all the user’s files if they don’t pay within a specified period or if they try to remove the ransomware before paying.
For Steam subscribers, the lure of a free game is hard to pass up. This is where hackers take advantage of players. Hackers take over a few subscriber accounts and then send free game offers out to all their gaming friends. The hacker’s goal is to steal gamer credentials and Steam inventory to sell on the black market. Here’s how the scheme works.
Gamers are presented with the offer and a link to go to a bogus free game site to claim their game. Once on the site, they see a partial promo code and are required to login to their Steam account to redeem the offer, while still on the malicious site. Once done, the hackers will work quickly behind the scenes to take over the subscriber’s account by changing the email, password, and telephone number on their account. At this point the subscriber will be completely locked out of their account with little recourse but to report the hack to Steam support and create a new account.
- Never download any cheat codes or game hacks from any third-party website, including those on game-specific forums.
- Never click on any links that take you off the gaming site no matter how great the offer sounds.
- Always keep your computer, internet browser, anti-virus & anti-malware up to date.
- If your Steam subscriber account is taken over, report it Steam support immediately. Notify the bank or credit card company for the card linked to your account that your card has been compromised. Ask that a fraud alert be placed on your credit card account. Monitor your credit card accounts closely.
- If you fall victim to ransomware, disconnect from the internet immediately, then take your system to a computer professional for assistance. Don’t try to remove the ransomware code on your own.
- In either situation, once your account or computer has been compromised, you could be subject to further identity theft. Go to idtheft.gov to find out how to recover from identity theft.
Sources: DarkReading.com, BleepingComputer.com, Cyren.com.