Apparently there was a threat in my Fortnite webcache. Does anyone know how this could even happen?
Hello.

First, scan (and disinfect, if needed) your PC with Bitdefender Rescue Environment: https://www.bitdefender.com/consumer/support/answer/29132/

Next, restart your PC and see if the issue has been solved.

If the steps provided above didn't help, do the following steps:

First, take screenshot(s) of the issue.

Next, create a log file on your Windows device using Bitdefender Support Tool, by following these steps: https://www.bitdefender.com/consumer/support/answer/1733/ and create a log file on your Windows device using BDsysLog, by following these steps: https://www.bitdefender.com/consumer/support/answer/1922/

Finally, contact Bitdefender Consumer Support by e-mail: https://www.bitdefender.com/consumer/support/help/ with a short description of the issue. After that, you will get an automated reply from the Bitdefender Customer Care Team, with your ticket number. Now, in reply to that automated reply, you can send the screenshot(s) you already took and the log files you already created in the first step.

Since you are all done, just wait for the support engineers to investigate your issue and find a solution to fix the issue. Remember that the screenshot(s) and the log files will help the support engineers a lot in investigating your issue better and faster and in finding a solution.

NOTE: If any of the log files is larger than 25MB, you can upload the log file here: https://upload.bitdefender.net/ After the upload is done, you will get a notification with the file's URL and then you can share the file's URL with the Bitdefender Consumer Support.

Regards.
Hello,
I think there are a few possible infection vectors here. Looking at the threat identifier, that typically indicates obfuscated or stealth-injected malicious scripts, especially those associated with cryptojacking, browser hijackers, click fraud scripts, or even data skimmers. The 'JS' prefix indicates a JavaScript-based payload, and the presence of 'EtherHide' in the name suggests stealthy behavior meant to conceal activity. As for how it got there, well, if Fortnite loaded an ad or newsfeed via its embedded browser and that content was compromised, the webcache could store infected JavaScript. Or it may have something to do with third-party mods, cheat engines, or cosmetic injectors for Fortnite; those tools may have injected malicious scripts that were cached. Or if the PC was previously compromised (unlikely imho if you were already running the antivirus), the malware may have piggybacked on Fortnite’s cache directory to mask its activity. Another possibility, although it's just an assumption, like the rest: if the system was on a compromised network, it’s possible that malicious content was injected into a legitimate web request and saved by Fortnite’s cache.
The good news about this is that Bitdefender detected and removed the threat. Still, I think some proactive steps won't hurt. For starters, you can clear Fortnite's cache manually, so delete the entire cache folder. Then run a full system scan, to ensure no related payloads or backdoors remain under the radar. A good practice is to remove any unofficial mods, launchers, or overlays. While it may be tempting to use mods or cheat engines, these can often include unwanted malicious add-ons, so choose the source wisely. If necessary, reinstall Fortnite altogether. One more thing, you can also use Task Manager or Autoruns by Sysinternals to ensure no strange processes are active.
While Bitdefender successfully deleted the threat, I think understanding how it got there is critical to prevent recurrence. It may not be a direct fault of Fortnite itself, but could be related to third-party content loaded within it or broader system vulnerabilities.
I hope this helps.
Regards,
Alex
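
Added example, not part of either reply above: a PowerShell script that records what is in the cache folder (path, size, last-write time, SHA-256) before the folder is deleted, so the timestamps can later be compared with the detection time when working out how the file got there. The thread does not give the cache location, so `-CachePath` is a parameter you fill in from the Bitdefender notification; the script name, the report file name and the `-Delete` switch are assumptions of this example.

```powershell
# Inventory a web cache folder, then optionally delete it.
# Close the game and its launcher first so files are not locked.
param(
    # Assumption: the folder shown in the detection notification.
    [Parameter(Mandatory)] [string] $CachePath,
    # Assumption: where to write the inventory (constructed default name).
    [string] $ReportPath = (Join-Path $env:TEMP 'webcache-inventory.csv'),
    # Delete the whole cache folder after the inventory is written.
    [switch] $Delete
)

if (-not (Test-Path -LiteralPath $CachePath -PathType Container)) {
    throw "Cache folder not found: $CachePath"
}

# One record per cached file; hashing can fail on locked files, in which
# case the SHA256 column is left empty instead of stopping the run.
$inventory = Get-ChildItem -LiteralPath $CachePath -Recurse -File -Force |
    ForEach-Object {
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                    -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path          = $_.FullName
            SizeBytes     = $_.Length
            LastWriteTime = $_.LastWriteTime
            SHA256        = $hash.Hash
        }
    } | Sort-Object LastWriteTime -Descending

$inventory | Export-Csv -LiteralPath $ReportPath -NoTypeInformation
Write-Host "Wrote $(@($inventory).Count) entries to $ReportPath"

# Newest entries first: compare these times with the detection time.
$inventory | Select-Object -First 10 LastWriteTime, SizeBytes, Path |
    Format-Table -AutoSize

if ($Delete) {
    # Removes the entire cache folder, as suggested in the reply above.
    Remove-Item -LiteralPath $CachePath -Recurse -Force
    Write-Host "Deleted $CachePath"
}
```

Run it once without `-Delete` to review the report, then again with `-Delete` to clear the folder. The CSV can be attached to a support ticket alongside the log files.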