Fortnite, a popular multiplayer sandbox survival game from Epic Games has over 125 million players worldwide and that makes it a lucrative target for malicious hackers. The game’s paid-for early access title was released on July 25th, 2017 for PlayStation 4, Xbox One, macOS and Microsoft.
While players are waiting for Fortnite’s full free-to-play release, cybercriminals have been found uploading malicious Android versions of the gaming app. Currently, there are tons of apps claiming to be official Fortnite apps or its mods – Remember, the game is available for iOS and its Android version is yet to be released.
According to ESET’s malware researcher Lukas Stefanko, there are several YouTube tutorials explaining to players how to install the Fortnite app on their Android devices, an app that does not exist. Almost every tutorial has hundreds of thousands of views but what’s worse is that these videos also contain links to APK files which when downloaded can turn out to be anything but official Fortnite gameplay app.
See: Hackers spreading password stealer malware from YouTube comment section
“Millions of views on YouTube for fake “How to install Fortnite on Android” videos including links to actual APK files. Don’t install #Fortnite for Android, it’s all fake or malicious! The official app is not released yet. They mostly generate revenue for developers,” Stefanko warned in a tweet.
Upon analyzing one of the APK files Stefanko found Forty lines of code in one class that only display Fortnite video with no gameplay whatsoever.
However, this is not the first time when Fortnite is making headlines for all the wrong reasons. In March this year, Fortnite players reported that their accounts were being hacked and used by hackers to make hundreds of dollars worth of fraudulent purchases through attached credit cards.
It is no surprise that malware authors prefer targeting Android devices but in Fortnite app’s case, there can be millions of victims at once getting their device infected with a data-stealing malware, spyware, cryptocurrency miner or even ransomware.
In 2016, after the release of Super Mario Run for iOS, cybercriminals uploaded malware-infected versions of the game on Play Store days before the actual Android version made it to the store. The same year, a fake Pokémon Go app was also used for infecting those looking for its Android app days before its official release on Google Play Store.
