Fake Android Fortnite version circulating on the web to spread malware

Beware while downloading Fortnite on your Android device because you may end up getting your device infected with malware. According to the analysis of Lookout cyber-security firm’s researchers Adam Bauer and Christoph Hebeisen, whoever downloads the recently released Android Fortnite on a mobile phone will be at risk of malware infection.

The reason is that Epic Games has decided to make the game available on their official website instead of Google Play Store. About two weeks back, the CEO of Epic Games, Tim Sweeney, announced that Fortnite’s Android version will only be available for installation on the web.

Fortnite is one of the most popular and regularly downloaded games in the world. This week, the game’s Android version was released. As soon as Sweeney announced the availability of the app at least 7 websites started advertising as Android Fortnite official distributors. Lookout researchers claim that all of these websites are actually scams and created to distribute malware. It is urged that users only download Android Fortnite from the official website of Epic Games.

It is, however, quite surprising that Epic Games decided to ditch Google Play Store, which is a reliable platform for downloading software and apps. It is reported that by offering the game through its website, Epic Games aims to retain the 30% revenue share that Google will earn if the game is hosted on the Play Store. Sweeney claims that keeping 30% revenue share is understandable for console games but unfit for applications.

“30% is disproportionate to the costs of the services that these stores perform,” says Sweeney.

Moreover, capturing the Chinese market would become easier for Epic Games by bypassing the Google Play Store because it is unavailable in China. But, the company has largely overlooked the security concerns associated with direct downloading of the game. Before hosting any app or game, Google runs the software through a specialized malware screening process, which the Android Fortnite will certainly miss.

There are several risks associated with downloading the game through other platforms. Such as, despite the game being malware-free, downloaders may unknowingly download an infected version from a replicated website. It isn’t too difficult for cybercriminals to create exact lookalikes of Epic Games’ website in order to target innocent players. Another issue is that to access Android Fortnite installer, users are required to disable a built-in Android security feature that protects the device from malware.

The seven websites assessed by Lookout security researchers were created quite skillfully as these contained the term Fortnite in the URLs and the landing page was identical to Epic Games’ official website. Each of these websites claimed to offer an authentic version of Android Fortnite. However, all of these websites distribute malware.

Two different families of malware are used to infect devices. The first category is dubbed by Lookout as FakeNight. It plays a video, which is the exact replica of a Fortnite game-loading screen. The second family is dubbed as WeakSignal that also loads a Fortnite loading screen but uploads a series of programmatic ads on the top.

Players must remain alert and carefully check the website URL before hitting the “download Fortnite” button.

Related Posts