Fortnite players targeted by data-stealing malware
Fortnite players are being targeted by malware again, but this time with a new twist: code that seeks to steal data, including bitcoin wallet details.
Detected by Malwarebytes researcher Christopher Boyd and publicized Tuesday, the malware is being distributed via links and enticements on YouTube videos offering cheats and other freebies for the wildly popular Battle Royale-style game.
In one case, a video is said to direct those who click on it to a survey that needs to be completed to access a cheat for the game. After the survey is completed and a download offered, the program introduces the data-stealing malware.
“Once the initial .EXE (which weighs in at just 168KB) runs on the target system, it performs some basic enumeration on details specific to the infected computer,” Boyd explained. “It then attempts to send data via a POST command to an /index.php file in the Russian Federation, courtesy of the IP address 5(dot)101(dot)78(dot)169.”
The malware then starts to look at various items on the infected PC, including browser session information, cookies, bitcoin wallets and Steam sessions, details of which are sent to the Russian server.
The video, in that case, had only been viewed slightly more than 2,200 times, with half that many downloads, but Boyd noted that other videos directing users to malware have had views in the hundreds of thousands prior to removal by YouTube.
This isn’t the first time Fortnite players have been targeted by malware and, given its popularity, it won’t be the last.
In June, a number of fake apps containing malware were found prior to the official release of the game on Android, while research in September found that more than half of all unofficial Android apps for the game contain a form of malware.
Players are reminded to have up-to-date antivirus software installed and to be wary of downloading any unofficial apps or software relating to the game.
Image: Epic Games