A number of malicious apps on Android devices are purporting to be the popular game Fortnite. The apps can access user cameras, harvest and wipe data from the devices and record audio on the effected phone.
Researchers at Zscaler’s ThreatLabZ said that some hackers are taking advantage of Fortnite owner Epic Games’s recent announcement that it would make the game available on mobile forums. Fortnite is really popular among the crowd these days with over 45 million layers. There is an iOS version of the game available on Apple devices but there isn’t an Android version available in the market officially announced. This means that when Android users search for Fortnite on apps stores, they find the fke replicas of the original and are victims of this malware.
“There is no official news from Epic games about the release of the Fortnite game on the Android platform,” researchers said in a blog post. “Users should beware of malware authors looking to exploit their desire to play Fortnite on Android. We urge users to download games only from authorized and legitimate sources, such as Google Play.”
Researchers observed the Android spyware cryptomining malware and a scam app that claims to aid the players to earn free V-bucks. The latter was found in Google Play and the remaining were found in third party app stores.
“This spyware creates a ‘files’ folder under its installation directory,” researchers said. “Under that directory it writes all logs on a daily basis…Along with the data, keylogging activity is visible…where the spyware is reading keystroke by keystroke and storing the data to file.”
One instance shows Android spyware posing to be the game, showing the icon and the name when downloaded. However after being downloaded it starts to harvest call logs. It can also make calls and features enabling accessibility services, allowing it to get certain privileged operations without user interaction.
Image via playstation