The frenzied popularity of the Battle Royale genre of shooters, popularized by PlayerUnknown's Battlegrounds, does not seem to be ending yet, especially when it comes to Fortnite Battle Royale. That (free) game keeps getting updates and the number of players keeps growing. A few months ago publisher Epic Games also released a mobile version. But when something is popular, cybercriminals also come around to grab a piece of the pie. The ThreatLabZ research team from Zscaler has now discovered several fake Fortnite apps that have been infected with malware.
For those who do not know it: Fortnite is a survival game developed by Epic Games and People Can Fly. The game was released last year for Microsoft Windows, macOS, PlayStation 4 and Xbox One, and now has more than 45 million players. This makes it one of the most popular games of the moment. Recently, Epic Games also launched the game for iOS.
Fortnite on Android
A version for the Android platform has not yet been announced, which means that Android users, who have become enthusiastic about playing the game too, will be looking for it. These kinds of situations with popular games often attract malware authors who try to spread their payloads disguised as fake games.
In the past, the ThreatLabZ research team has also seen fake Super Mario and Pokemon GO apps in the wild at the time of the launch of the legitimate versions. They now see the same trend with Fortnite, with multiple samples of Android malware posing as the Fortnite game. The samples included spyware, a coin miner and some unwanted apps disguised as a game.
In one case, Zscaler found Android spyware disguised as the Fortnite game. An icon with the Fortnite name appears on the device during the installation. After the installation, the spyware starts collecting call data, including outgoing and incoming calls, missed calls and telephone contacts, and the malware can also place calls itself.
The spyware also has access to the camera, text messages and files, and can take pictures, record audio and read keystrokes. Zscaler has not yet seen this spyware connect to its command-and-control (C&C) servers. This may indicate that the spyware is still under development.