As most often happens with online scammers and hackers these days, unscrupulous people are preying on the ignorance of users to distribute malware. In this case, people are pushing scam video on YouTube and other video platforms that claim to allow users to install the popular battle royale titles, Fortnite, on their Android devices. The problem is, the game hasn’t even release for that platform yet.
And since Fortnite is raking in cash on iOS, the game is a literal goldmine for scammers looking to steal information from unsuspecting fans.
One of the major scams is essentially a PPI network. For the unaware, PPI is PayPerInstall, a scheme that mobile companies use all the time to pay for installs of their apps. It’s all a pretty sketchy business, and it’s a haven for malware distributors to monetize their networks of infected mobile devices by overloading them with a bunch of low-quality “games” made for the sole purpose of showing ads.
And make no mistake about it, there’s lots of money in it. The annual Threat Intelligence Report for 2017 from Nokia sampled 100 million mobile devices, and Android accounted for nearly 70% of all infections. And the overall number of infections is on a massive uptick, pretty scary stuff.
So how does this all work? Well, these fake APKs masquerading as Fortnite will require a vital security setting on Android be disabled, allowing unsigned and unverified apps to be installed from non-official sources. Once the fake apps are executed, they pull down multiple apps from these PPI suppliers and load them in the background. Some of the more sophisticated malware variants will even attempt to hijack ads being shown in other apps and insert ads that make more money for the bad guys.
Scams for Fortnite aren’t even restricted to just these APKs or Android though. There are a ton of the “Free V-Bucks” related ones because free to play games always have people wanting to get currency cheap or free. This type of scam is rampant among those looking to distribute malware. A botnet controller, crypto-miner or other distributor will create a ton of fake programs that are basically just a simple GUI with no actual effect, then they’ll make a video wherein they use editing tricks or software hacking to make it look like their fake software actually does what it claims. They then repeat this process across multiple free-to-play games and video platforms.
In short, don’t get taken in by these scams. Only ever download apps from verifiable sources, in this case from Epic on the official app stores. And no, there is no legitimate way to “hack” currency for these games. Those values are stored server side and are constantly refreshed and checked to ensure accuracy. So even if you could somehow gain unauthorized access to the server(s) storing this information, it will most likely self-correct any changes made, so don’t even think about it.
In case you haven’t seen it yet, we’ve linked the mobile launch trailer for the game below, check it out. The Android version of the game will be out in a few weeks most likely though.