As soon as Epic Games announced their willingness to extend support for mobile devices for their blockbuster game Fortnite®, fake android apps started popping up claiming to be original Fortnite game app. These apps are actually intended to mine and destroy information from users android devices and some to install micro crypto currency miner programs; Researchers at Zscaler’s Threat Labs recently identified.
Fortnite®, one of the most popular games currently available in the market have over 45 millions players released by epic games july last year for Windows, MacOS, Playstaion and Xbox. With the rapidly growing interest for the game, Epic Games soon announced their plan of launching the game for mobile platforms. That’s where an opportunity arises for groups with malicious intention. Within weeks from the date of announcement made by Epic Games a number of android apps have been float which either claim to be actual Fortnite® game app or to be helping users to generate free V-bucks (virtual currency allowing in game advantages). Such apps easily trapped users with their interest to have the game available for android phones, thus getting high volume downloads influenced by viral marketing.
Initially most of the apps examined will let one do nothing but sharing download link to attract more victims and at the backend they perform several malicious operations such as mining or destroying information from devices such as contacts, messages etc. Some of them also found deploying cryptominer scripts forcing users to mine crypto currencies for the developer at the expense of users.
“This spyware creates a ‘files’ folder under its installation directory,” researchers said. “Under that directory it writes all logs on a daily basis…Along with the data, keylogging activity is visible…where the spyware is reading keystroke by keystroke and storing the data to file.” While most of those apps has been presented through backdoor channels, one has made it to Google Playstore. The app offered free V-bucks in exchange of completing surveys or downloading and installing several other android apps. “After completing the survey and downloading the suggested apps, the user doesn’t receive free V-Bucks, but the app author definitely generates real revenue,” researchers said. “This fake app was downloaded over 5,000 times, and has been rated five stars over 4,000 times, before we reached out to Google Security team who promptly removed the app.”
Last year similar incident had been observed for another popular game Pokemon Go. Epic Games and Google could not be reached out for comment.