Recently, Rainway, a web-based game-streaming platform, reported that tens of thousands of Fortnite players had infected their systems with a piece of malware that hijacks encrypted web sessions in order to inject fraudulent ads into every website a user visits.
Rainway CEO Andrew Sampson published a blog post in which he said that the company began receiving hundreds of thousands of error reports in its server logs last week. After investigating, the team found that the systems of their users were attempting to connect to various ad platforms.
Since the Rainway system allows only whitelisted domains, users can connect only to approved URLs. Every ad-related request was blocked, which in turn produced the errors that helped Rainway identify the issue.
As these errors kept flowing in, the company examined the root cause of such errors by analysing what these users had in common. According to the company, their ISPs were different, they did not share any hardware and in fact, their systems were also up to date. There was just one thing that was common - they all played Fortnite.
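The triage described above can be sketched as follows. This is an added example, not Rainway's code: it checks reported URLs against a domain allowlist and ranks blocked hosts by how many distinct users hit them. The allowlist, the report format and all sample data are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Hypothetical allowlist; the page does not list Rainway's approved domains.
ALLOWED_DOMAINS = {"app.example", "cdn.example"}

# Constructed error reports: (user id, URL the client tried to load).
SAMPLE_REPORTS = [
    ("u1", "https://app.example/api/session"),
    ("u1", "https://ads.adnet-one.example/serve.js"),
    ("u2", "https://ads.adnet-one.example/serve.js"),
    ("u2", "https://track.adnet-two.example/pixel"),
    ("u3", "https://ads.adnet-one.example/serve.js"),
    ("u3", "https://cdn.example.attacker.example/lib.js"),
    ("u4", "https://static.cdn.example/app.css"),
    ("u4", "not a url"),
]

def is_allowed(host, allowed=ALLOWED_DOMAINS):
    """True if host equals an allowed domain or is a true subdomain of one."""
    host = host.lower().rstrip(".")
    # Match on a label boundary so "evilcdn.example" does not pass as "cdn.example".
    return any(host == d or host.endswith("." + d) for d in allowed)

def blocked_hosts_by_user(reports, allowed=ALLOWED_DOMAINS):
    """Map each blocked host to the set of users whose client requested it."""
    seen = defaultdict(set)
    for user, url in reports:
        # Reports without a parseable host are kept visible, not dropped.
        host = urlsplit(url).hostname or "<unparseable>"
        if not is_allowed(host, allowed):
            seen[host].add(user)
    return seen

def widespread(reports, min_users=2):
    """Blocked hosts seen for at least min_users distinct users, most common first."""
    seen = blocked_hosts_by_user(reports)
    hits = [(h, len(u)) for h, u in seen.items() if len(u) >= min_users]
    return sorted(hits, key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    for host, n in widespread(SAMPLE_REPORTS):
        print(f"{host}: blocked for {n} distinct users")
```

Counting distinct users rather than raw report volume is what separates one noisy client from the same unexpected host appearing across many unrelated systems.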
How were the systems infected?
It was discovered that the affected users had installed cracked versions of Fortnite tools which were being advertised through YouTube videos. These tools claimed to generate free V-bucks to give those users an unfair advantage over other players.
However, in reality, these hacks installed a root certificate on the infected computers that allowed hackers to modify all network traffic using a man-in-the-middle attack, even if the web session was encrypted.
The hackers leveraged the popularity of the Fortnite game to spread adware that alters the pages of a web request to serve its own ads. According to the reports, the malware had already been downloaded 78,000 times before it was taken down.