Android users eager to play the increasingly popular Fortnite survival game on their mobile devices are being targeted left and right with malicious apps masquerading as the game or apps related to it.
What is Fortnite?
Fortnite is a co-op sandbox survival game published by Epic Games. It was released for Microsoft Windows, macOS, PlayStation 4, and Xbox One in July 2017 and, more recently, for iOS.
Its popularity is steadily rising and Epic has finally announced that the game will be ported to Android and the app likely released this summer.
But malware peddlers and scammers are not waiting for summer to take advantage of the hype, and have already started pushing fake Fortnite apps, both on Google Play and third-party Android markets, and through dedicated websites.
Scammy Fortnite apps
Zscaler researchers have spotted an app on Google Play that purportedly allows players to earn free V-Bucks, Fortnite’s in-game virtual currency.
But, in order to get the wanted amount, users are required to rate the app with five stars on Google Play, leave a promotional comment (the app helpfully provides a variety of pre-prepared ones), to pass the (fake) human verification screen by completing surveys and downloading additional apps.
“This fake app was downloaded over 5 thousand times and has been rated five stars over four thousand times, before we reached out to Google Security team who promptly removed the app,” the researchers noted.
None of those users who downloaded and rated the app received the free V-Bucks.
Similar apps, posing as a beta version or final versions of the game for Android, are being pushed through sites parked on suggestive domains such as betafortnite[.]com (see image above) and androidfortniteapk[.]com.
These, as well, ask for verifications that include filling out surveys and downloading other apps that will generate revenue for the app developer.
Spyware posing as Fortnite for Android
The researchers have also spotted a piece of spyware posing as the game. It shows an icon with the Fornite name, but in the background it harvests call logs, SMS logs, SMSes, and phone contacts.
It is also capable of making calls and sending out text messages, accessing the phone’s camera and taking pictures, accessing the file manager, recording audio and keystrokes, accessing accounts, and wiping device data.
Finally, the malware prompts users to enable Accessibility access for the app, which can allow it to do certain privileged operations without the user’s interaction.
The good news is that the researchers have yet to see the spyware making a connection to its C&C servers, making them believe that the spyware is still under development and not operational.
Advice for users
Those who have downloaded the spyware are advised to disable Accessibility access for the app (Settings -> Accessibility -> Fortnite (App name) -> Turn off acces) and to remove the app from the device.
Those who have downloaded the other fake apps, including some functioning as stealthy coin miners, should also delete them.
The researchers advise users to download games only from authorized and legitimate sources such as Google Play, but as we’ve repeatedly seen in practice this advice is not infallible – some bad apps do end up on Google Play.
Users should keep in mind that malicious individuals are always trying to take advantage of the popularity of games and apps and push malicious ones posing as those offerings. We’ve seen this happening with Pokémon GO and other well liked and widely used software.