Thursday, October 10, 2024
HomeMalwareAndroid Gamers Beware of Fake Fortnite Game that Contains Spyware and Cryptocurrency...

Android Gamers Beware of Fake Fortnite Game that Contains Spyware and Cryptocurrency Miner

Published on

Android malware posing as Fake Fortnite Game includes spyware, cryptocurrency miner and install unwanted apps that show ads to generate revenue for authors. Epic games, the publisher of Fortnite recently announced that they are to extend the support for mobile platforms.

Recently they have launched the game for iOS and the Android next few months according to the company statement, in the meantime malware authors try to attract the users with malware posed as a Fortnite game.

According to zscaler “We observed this trend with Fortnite as well, in which multiple instances of Android malware were posing as the Fortnite game.”

- Advertisement - EHA

Android spyware – Fake Fortnite Game

Upon installing the Fake Fortnite Game the icon also shows the Fortnite name and the spyware starts collecting call and SMS logs and record keystrokes. Also, the spyware contains following accessibility functions.

  1. Make calls
  2. Send SMS
  3. Accessing camera and taking pictures
  4. Wiping device data
  5. Accessing accounts
  6. Reading keystrokes
  7. Accessing file manager
  8. Recording audio

According to researchers the spyware not made any connection with command-and-control servers. Possibly the spyware is still under development.

Fake Fortnite Game

Also Read Maikspy – A Spyware Attack on Windows & Android Users via Adult Games

Cryptocurrency Miner – Fake Fortnite Game

Researchers observed coin miners distributed as a Fake Fortnite Game app. The app found hosted in androidapk[.]world disguised it as Fortnite mobile.

The mining malware contains coinhive scripts embedded, the mining app significantly raises the CPU usage once the app is installed in the device. It will drain the device battery and slow down the infected device.

Revenue Generation – Fake Fortnite Game

The malware authors pushing some unwanted apps posing Fortnite game that generates ad revenue. The fake apps were removed more than 5 thousand times from the play store.

Fake Fortnite Game

Once these apps installed on the device it shows clean Fortnite game playing screen and redirects the browser to fill an online form that downloads additional apps that helps the author to generate revenue.

Common Defences and Mitigations

  • Give careful consideration to the permission asked for by applications.
  • Download applications from trusted sources.
  • Stay up with the latest version.
  • Encrypt your devices.
  • Make frequent backups of important data.
  • Install anti-malware on their devices.
  • Stay strict with CIA Cycle.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm,...

DCRAt Attacking Users Via HTML Smuggling To Steal Login Credentials

In a new campaign that is aimed at users who speak Russian, the modular...

LummaC2 Stealer Leverages Customized Control Flow Indirection For Execution

The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its...