The past few months has seen the exponential rise of Epic Games battle royal style game, Fortnite. The game has 100 users/ lobby drop into an open map where they are required to collect materials and weapons, the last person standing wins. The initially PC exclusive has seen such success that it has branched out to console and recently iOS. Since its launch on iOS Android users have been enviously waiting for its release. Hackers have taken this anticipation and have been launching fake versions of the app, hoping to catch eager fans.
Nathan Collier of Malwarebytes Labs explored and examined these malicious apps, below is his experience:
None of the fake apps can be found on the Google Play Store, instead, a quick Google of ‘Fortnite Android Download’ will take you to a link where it can further be downloaded.
From there it appears on your screen with a realistic-looking icon. “so realistic that some may recognize it from the Apple iOS version.”
After this, you are guided to different loading screens (also stolen) when suddenly, the app requires ‘mobile verification’. From there, it requests you to prove “You’r Not A BOT” to verify, a user must download another free app. Once you click install, you are redirected to Google Play (the official Android app market). No matter how many apps you download from this site the game never verifies, as all the damage is already done.
Similar tactics were used by hackers during the launch of the super popular Pokémon Go. Similar tactics are likely going to be used in the future too. Make sure you know how to defend yourself.
The above description has three key points that show it’s a scam;
Firstly, a red flag should immediately come up when you are required to download an app from anything other than the official app store. Especially in this case where the developer is such a large company.
Secondly, when taken to a further outside page make sure everything is grammatically correct, this is the easiest thing to spot, yet, could save you. In this case, the spelling mistake comes when you’re asked to prove “You’r Not A BOT”.
Thirdly, it should be another red flag if you’re downloading a major app before the official release date. There is an extremely high chance it is malicious, and we highly recommend against it. We recommend that you are patient and wait for the official release date as this is the safest way to download an app.
To read more about online safety make sure to read our other blog posts that discuss it:
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions, want to learn more about our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.