Cybercriminals continue to find simple ways to convince people to unknowingly download malware onto their mobile devices. Most recently they are using the runaway popularity of the Fortnite online game and the promise of its anticipated availability in Google Play to lure potential Android Fortnite users into downloading malware onto their smartphones.
The game, which offers a battle royale of sorts and now has some 3.4 million concurrent users, is not only free but available through a broad range of systems--from Windows PCs and Apple Mac systems; to such consoles as Xbox One, PlayStation 4 and Nintendo Switch; to devices running Apple’s iOS operating system. Next up is Android, with speculation that the game will become available on the Google Play store this year, possibly as early as the summer.
According to warnings issued by Malwarebytes and other security researchers, cyber-scammers are taking advantage of potential Android Fortnite players’ desires to run the game on their devices. Scammers are enticing such users to sites that purportedly will allow them to access early versions of Fortnite for Android, even though it has not yet been released to the platform. However, rather than being able to run Fortnite on their Android devices, victims who click on the link instead download malware onto the phones.
According to Nathan Collier, senior malware intelligence analysts at Malwarebytes, there are several videos on YouTube with malicious links that claim to offer access to early versions of the game.
“The apps are not located on the Google Play Store,” Collier wrote in a post on the Malwarebytes blog. “Instead, people have found them by searching ‘How to install Fortnite on Android’ or ‘Fortnite for Android’ in Google, or stumbling across links in YouTube ads. From there, the apps can be downloaded. … The scheme goes like this: Get a couple of over-excited people salivating for a chance to play Fortnite on Android, and get paid. The more downloads that come from the website … the more money the malware developers can make. With the app being so simplistic, the amount of development effort is pretty low for the amount that could be potentially gained.”
Collier said the app being used by the hackers is a simple program that at this point has two different package names: com.anizz14 and com.anizz14.fortnite.
Mobile malware is becoming a popular avenue for attackers, and with more than 2 billion active Android devices in the world, according to the Android Open Source Project, the platform is getting its share of attention. In their Mobile Threat Report, released earlier this year, McAfee researchers wrote: “Considering that mobile malware has been around for only 15 years—from the first mobile botnet discovered in 2009 to the targeted attacks from the Lazarus group on smartphones—the pace at which malware has evolved on mobile devices is alarming.”
Security experts said highly popular games like Fortnite with a huge and enthusiastic fan base are easy targets for cybercriminals.
“This is a form of social engineering that requires a human to perform a series of actions,” Chris Morales, head of security analytics at automated threat management solutions vendor Vectra, told ITPRo Today in an email. “There is always huge demand for these large games and impatient gamers who want access to the latest games immediately. Fortnite has not even been released to the public yet and is not available on the Google Play Store. That should be the first indicator to any gamer that this is a malicious download”
According to Anupam Sahai, vice president of product management at cybersecurity vendor Cavirin Systems, the risks of downloading malware are heightened as more people use their personal smartphones for work, as well.
“The root problem is not fake Fortnite apps per se, but the existence of malicious apps in general and in the excitement of the moment--an individual downloading what looks to be an app via a mobile browser vs. an official app store,” Sahai wrote in an email to ITPro Today. “This opens up a host of potential vulnerabilities, and with the increasing use of one’s smartphone for both business and pleasure, sometimes without any formal security management controls, the potential that this creates a vector for an enterprise breach is great.”
Businesses can use this situation as an opportunity to review their training as well as their mobile security processes and tools, he said.
Malwarebytes’ Collier urged patience.
“Every time there is craze around a new video game release, consequently we see malware authors jumping into the game,” he wrote. “Often, it’s an attack against our good senses. They capitalize on that little itch that screams, ‘I want it now!’ We suggest listening to that other inner voice that warns, ‘This seems too good to be true.’ Our advice: Be patient. If you wait for the official release by Epic Games in the Google Play Store this summer, you won’t have the spend the ensuing months cleaning malware off your Android.”