“We hate these things as much as you do, but they keep us alive,” reads one such page. “Please fill out a short form to receive a password and show us your support.”
Website inspection tools such as URLScan show several suspicious domains that interact with the CPABuild infrastructure hosted on Amazon Web Services (AWS). Amazon’s trust and security teams are reviewing the results of the Edwards investigation, says Patrick Neihorn, AWS spokesperson: “The AWS Terms of Service prohibit customers from using our services for any illegal or fraudulent activity, and our customers are responsible for complying with our terms and all applicable laws,” Neihorn explains.
Nothing is free in this life
For their part, video game companies claim that some of the websites hosting the pages are illegal. “This is a scam,” says Jake Jones, director of communications for Epic Games, the company that created Fortnite. “Players have never been able to sell, gift or trade in-game V-Bucks to another player or sell virtual items to each other,” he states. Similarly, James Kay, a spokesperson for Roblox, says that using third-party services to “buy, sell, trade, or gift Robux” is prohibited, and people should avoid “offers” on websites that promise free currency in Roblox games or other items.
Victoria Kivilevich, director of threat research at security firm KELA, says the company has seen discussion of CPABuild on hacking and cybercrime forums. At one site, according to Kivilevich, someone recommends creating a YouTube channel with stolen games and content from software to attract video. “The user recommends using CPABuild to put the URL of what appears to be CPABuild-derived content in the video description and attract visitors who click on the URL,” Kivilevich says, adding that Fortnite and Roblox are covered frequently in the discussions.
“Many users are looking for instructions on how to get approved for CPABuild and which CPABuild accounts they can purchase,” says Kivilevich.
While many of the poisoned PDFs lure people into scams, not all of them do so: “It appears that some CPABuild customers are the authors of malware.” “Sometimes, days after a negative article about China appeared in the news, some of these keyword PDFs would appear and include words similar to those in the news articles.” result on the first page of the search, and then maybe three or four more bait,” he warns. “All these pages dealt with malware,” he concludes.
Article originally published on WIRED. Adapted by Mauricio Serfatti Godoy.