UPDATED 22:27 EDT / JUNE 24 2018

INFRA

Security researchers warn of links to fake Fortnite Android apps

Fortnite fans are being warned of links to fake Android apps purporting to offer the game, not least because game creator Epic Games has yet to release an official Android app.

If you haven’t heard of Fortnite yet, it is currently the most popular online game. Using the Battle Royale last-man-standing format that saw PlayerUnknown’s Battlegrounds become a hit last year, Fortnite as of early June had 3.4 million concurrent online players on average at any given point. That’s people actually playing the game, swamping the competition.

Along with being free, much of Fortnite’s success is thanks to cross-platform support, with Fortnite available on PlayStation 4, XBox One, Nintendo Switch, PC and both Apple’s MacOS and iOS. The one main platform missing on the list is Android, and that’s where scammers have stepped in.

The fake links are not located on the Google Play Store but are instead being offered to people searching terms such as “How to install Fortnite on Android” or “Fortnite for Android” in Google or via links in YouTube ads and videos. Should users click on the ads, instead of obtaining a working copy of Fortnite, they end up with malware on their phones, according to Malwarebytes.

Dirk Morris, chief product officer at Untangle Inc., told SiliconANGLE that “Fortnite is an absolute phenomenon at this point, so it is naturally attracting cybercriminals. Scams targeting unsuspecting gamers range from selling fake vBucks to presenting malicious app downloads.”

He warned that users must always exercise caution with third-party apps, whether they’re browser plug-ins, Facebook quizzes or mobile phone apps. “Malware and privacy concerns require constant vigilance,” he said.

Chris Morales, head of security analytics at Vectra Networks Inc., noted that the fake links are a form of social engineering that requires a human to perform a series of actions.

“There is always huge demand for these large games and impatient gamers who want access to the latest games immediately,” he said. The fact that Fortnite hasn’t even been released on Android, he said, “should be the first indicator to any gamer that this is a malicious download. With 125 million players anxiously waiting to play the latest version of Fortnite, these attacks succeed and unfortunately will continue to persist.”

Anupam Sahai, vice president of product management at Cavirin Systems Inc., said he believes that the news of fake Fortnite apps signals a broader problem.

“The root problem is not fake Fortnite apps per se, but the existence of malicious apps in general, and in the excitement of the moment, an individual downloading what looks to be an app via a mobile browser versus an official app store,” Sahai explained. “This opens up a host of potential vulnerabilities, and with the increasing use of one’s smartphone for both business and pleasure, sometimes without any formal security management controls, the potential that this creates a vector for an enterprise breach is great.”

Image: Epic Games

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU