Tens of thousands of Fortnite players have been infected by malware that hijacks encrypted Web sessions so it can inject fraudulent ads into every website a user visits, an executive with a game-streaming service said Monday.
Rainway CEO Andrew Sampson said in a blog post that company engineers first detected the mass infections last week when server logs reported hundreds of thousands of errors. The engineers soon discovered that the errors were the result of ads that somehow were injected into user traffic. Rainway uses a technique known as whitelisting that permits customers to connect only to approved URLs. The addresses hosting the fraudulent addresses—hosted on the adtelligent.com and springserve.com domains—along with unauthorized JavaScript that accompanied them made it clear the traffic was generated by malware infecting a large number of game players using the Rainway service. Rainway is a cloud-based service that lets people play PC games remotely, similar to PlayStation Now.
“As the errors kept flowing in, we took a glance at what these users had in common,” Sampson wrote. “They didn’t share any hardware, their ISPs were different, and all of their systems were up to date. However, one thing did stand out—they played Fortnite.”