Fortnite scam ads and videos targeting young viewers on YouTube have been around for a while, but a new report suggests they contain malicious files that can steal data from users.
Christopher Boyd, the lead malware intelligence analyst at anti-virus software company Malwarebytes, published a report last week examining the impact of Fortnite scam ads and videos on YouTube on those who proceeded to click through or download an app from an external source found in a description below the video. Boyd and his team investigated a number of suspicious Fortnite videos on YouTube, many of which have generated hundreds of thousands of views. These videos focus on “‘free’ Android versions of Fortnite ... the ever-popular blast of free V-Bucks; used to purchase additional content in the game, and a lot of bogus cheats, wallhacks, and aimbots,” wrote Boyd.
Epic Games’ co-founder, Mark Rein, takes these scams seriously. Rein tweeted about “yelling at a room full of YouTube execs” in May following a Polygon report that dug into the number of Fortnite scams populating on YouTube. This isn’t unique to Fortnite; counterfeit Grand Theft Auto ads have run on YouTube for years. A YouTube representative gave Polygon a blanket statement about how their team tackles scams and deceptive videos at the time.
“We detect and remove millions of spam videos with YouTube machine learning algorithms systems and our teams continue to train these systems to adapt to new types of abuse, allowing us to tackle this content at scale,” a YouTube spokesperson told Polygon at the time. “We use teams of highly trained content reviewers to determine whether videos violate our Community Guidelines. We are committed to removing spam quickly, in many cases, preventing it from ever being viewed by users, while also making sure that we do not harm legitimate creators.”
Boyd reports that many of these videos include “data theft malware disguised as a cheat tool.” The analyst discovered that infected ads direct people to a “fairly good-looking portal claiming to offer up the desired cheat tools, and it stands a fair chance of convincing youngsters of its legitimacy.”
“Malwarebytes detects this file as Trojan.Malpack, a generic detection given to files packed suspiciously,” Boyd writes. “In this case, a little digging showed us the payload is a data stealer. Once the initial .EXE runs on the target system, it performs some basic enumeration on details specific to the infected computer.”
Although this type of malware isn’t specifically new — again, these types of ads run on YouTube all the time — Boyd suggests that, considering the current popularity of Fortnite and the number of young kids playing, it is particularly harmful.
“Combining it with the current fever for new Fortnite content is a recipe for stolen data and a lot of cleanup required afterward,” Boyd writes.
On multiple subreddits, YouTube users and Fortnite players have aired their grievances with the barrage of obvious scams appearing on videos for months.
“What’s fucked up is they are obviously scams, and YouTube doesn’t do anything about it,” one Reddit user wrote recently about the ubiquity of Fortnite-related and other scam ads. “You actually have to physically go on the video to report it, resulting in giving them views.”
YouTube’s policy regarding spam, deceptive practices and scams states that content which “deliberately tries to mislead users for financial gain may be removed, and in some cases strikes may be issued to the uploader.” The policy also states that users should “be wary of claims that seem too good to be true, as they likely are.”
Polygon has reached out to YouTube and Epic Games for further comment on the issue.