Fortnite for Android Released Outside the Google Play Store. Is it Safe?
Fortnite: Battle Royale, Epic Games' massively popular online game with 125 million players worldwide as of June 2018, is now being released on Android. The game will be released for some Samsung devices on August 9, while other Android devices can start downloading it on August 12, 2018.
However, the game, widely considered to be the biggest Android release in years, will not be on the Google Play Store and will instead be available for download on Epic Games’ website, requiring users to download the APK manually. The move to not distribute Fortnite on Google Play was the decision of Epic Games’ CEO Tim Sweeney, in order to sidestep the Google Play platform's 30% cut. However, it has been regarded as “dangerous” as well as a “wrong and greedy” step that exposes Android users to a variety of security risks.
Fortnite Fraudsters on the Prowl
Months before Epic Games released the game on Android, there were reports of a phishing scam designed to steal gamers’ Epic Games account information, with scammers sending fake email signups for the beta release of Fortnite on Android.
Another Fortnite scam, the V-Bucks scam, uses fake websites and social engineering to lure gamers into entering their account details in exchange for free or discounted V-Bucks, Fortnite: Battle Royale’s in-game currency. This scam has also victimized gamers in the U.K., with scammers using social media platforms to spread links leading users to phishing websites. U.K. authorities reported that 35 Fortnite phishing cases had been filed in a span of one day, with up to US$6,800 stolen by cybercriminals.
In response to this scam, Epic Games posted a tweet warning Fortnite players of online scams that advertise free or discounted V-Bucks.
Using Old Tricks on Mobile Users
For years now, scammers have been distributing malicious apps outside of the Google Play Store to pilfer personal credentials. Fake mobile banking apps and even fake versions of popular games such as Pokémon GO intended to steal user information have been found in third-party file-sharing sites.
This year, the threat to mobile users continues. In May, we saw Maikspy make a comeback. The spyware was disguised as an adult game called Virtual Girlfriend, which was distributed via a malicious domain promoted on Twitter. This malware family connects to and uploads information on affected devices via a C&C server.
Aside from social media, scammers also used SMS to steal information from mobile users using a method known as SMiShing. In June 2018, FakeSpy, a malware targeting Japanese- and Korean-speaking mobile users, sent SMS messages containing a link to a malicious site that prompted users to download an APK that enabled cybercriminals to steal data such as text records and contact information.
Trend Micro Solutions
Mobile users can avoid phishing attacks by downloading apps from trusted sources or legitimate app stores like Google Play or the App Store. Aside from this, being knowledgeable of mobile safety practices and having solid mobile security can help prevent these kinds of cyberattacks.
Trend Micro’s Mobile App Reputation Service (MARS) already covers Android and iOS threats using leading sandbox and machine learning technology. It can protect users against malware, zero-day and known exploits, privacy leaks, and application vulnerability. Trend Micro Mobile Security & Antivirus 9.5 has proven to be a reliable mobile security vendor in the AV-Comparatives Mobile Security Review 2018.
End users and enterprises can also benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security for Android™ which is also available on Google Play. For organizations, Trend Micro™ Mobile Security for Enterprise provides device, compliance, and application management, data protection, and configuration provisioning, as well as protects devices from attacks that leverage vulnerabilities, preventing unauthorized access to apps, as well as detecting and blocking malware and fraudulent websites.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases
- Exploring Potential Security Challenges in Microsoft Azure