Cyber criminals leveraging fake Fortnite for Android apps to generate clicks



Threats / Cyber criminals leveraging fake Fortnite for Android apps to generate clicks

21 June 2018

| Author: Jay Jay

Cyber criminals have found a new way to fraudulently generate malicious app downloads and earn money: by inserting links to YouTube videos that appear to allow users to play the insanely-popular video game Fortnite on Android devices.

Research by Nathan Collier at Malwarebytes Labs has revealed how hackers are leveraging the worldwide popularity of Epic Games’ video game named Fortnite to fool gullible gamers into downloading fake Android apps that mimic the original iOS app and ask users to download more malicious/fake apps in order to unlock the game on their devices.

Fake Fortnite for Android app in circulation

However, unbeknownst to many unsuspecting Android device users, Epic Games are yet to launch the Fortnite game for Android devices even though the iOS app has been around for almost a year. What this means is that links on websites or YouTube videos that appear to be those of Fortnite’s Android app are, in all probability, either fake or malicious.

“The scheme goes like this: Get a couple of over-excited people salivating for a chance to play Fortnite on Android, and get paid. The more downloads that come from the website, the more money the malware developers can make,” said Collier.

“With the app being so simplistic, the amount of development effort is pretty low for the amount that could be potentially gained. Hopefully, we can help stop the revenue stream by detecting this one as Android/Trojan.FakeFortnite,” he added.

According to him, malware developers behind the spread of fake apps masquerading as Fortnite for Android are pasting links on YouTube videos, offering viewers the chance to play the popular video game on Android devices. To increase their chances of success, the developers are including such links to YouTube videos that appear when users search for “How to install Fortnite on Android” or “Fortnite for Android” on Google or YouTube.

Once a viewer clicks on such a link on his Android device, an app named Fortnite gets downloaded from a third party app store that features an icon that closely resembles the one featured by the iOS app, displays the Epic Games logo to further trick users, plays the Fortnite intro song and also features a loading screen that is similar to the original iOS app.

The app then asks the user to go through a mobile verification process that includes several steps, including one that requires the installation of another app from the Google Play Store as well as one that requires the user to verify that he/she is not a bot.

However, even if the user downloads the app and religiously follows the step-by-step procedure to verify his/her authenticity, the user will never be able to play the game as it is obviously a fake.

“Every time there is craze around a new video game release, consequently we see malware authors jumping into the game. Often, it’s an attack against our good senses. They capitalize on that little itch that screams “I want it now!” We suggest listening to that other inner voice that warns, “This seems too good to be true.”

“Our advice: be patient. If you wait for the official release by Epic Games in the Google Play Store this summer, you won’t have the spend the ensuing months cleaning malware off your Android. Stay safe out there!

The rise and rise of third-party app stores

This isn’t the first time that malicious developers are using third-party app stores to host fake apps that do not contain any robust security feature or encryption to safeguard the user’s privacy but instead, steal device information and spy on user activity while running in the background.

For instance, in July last year, researchers at security firm ESET discovered that a Turkish app store hosted apps that mimicked popular Android apps but in fact hosted harmful malware that could intercept text messages, display fake activity and download and install other apps and malicious software.

“The malicious app distributed by the store at the time of the investigation was remotely controlled banking malware capable of intercepting and sending SMS, displaying fake activity, as well as downloading and installing other apps,” they noted.





Source link