The popular video game Fortnite is set to launch an Android app later this summer and online video tutorials which purportedly explain how to download the mobile game are already appearing online.
Fortnite is already available on the Xbox One, Playstation 4, Nintendo Switch, PC, Mac and iOS – leaving Android the last major platform not to be supported.
The popular game – described by its creators as a cross between Minecraft and Left 4 Dead – already has more than 45 million players, despite launching less than a year ago.
This popularity, combined with the anticipation for an Android version, has resulted in cyber criminals attempting to capitalise on people’s eagerness by creating fake versions that contain malware.
Lukas Stefanko, a malware researcher at IT security firm ESET, found one version containing a Trojan SMS – a type of malware that secretly runs in the background that enables cyber criminals to send text messages from the infected device to premium rate phone numbers.
“There are dozens of YouTube videos with millions of views leading users to fake ad generating revenue,” Mr Stefanko told The Independent.
“The risks are high because people believe and download whatever app they find in the description under YouTube videos. In one case, I found Trojan-SMS, but there could be ransomware, banking malware or spying software.”
Example how you can get infected by downloading #Fortnite Android app from YouTube video with 130K+ views.— Lukas Stefanko (@LukasStefanko) June 21, 2018
This one send SMS to premium rate number and downloads another fake app. pic.twitter.com/pYj8GZoqoZ
Other security researchers have previously noted fake Fortnite apps contain spyware, which is capable of harvesting people’s data and wiping a device of its data.
“Users should beware of malware authors looking to exploit their desire to play Fortnite on Android,” researchers at cyber security firm Zscaler said in May.
“We urge users to download games only from authorised and legitimate sources, such as Google Play.”
Many of the links to the fake apps appear in the descriptions of the YouTube videos claiming to offer ways to download Fortnite through Android Package Kits (APK) which circumvent the Google Play app store.
Nathan Collier, a security researcher at Malwarebytes, noted the proliferation of the videos on YouTube.
“Every time there is craze around a new video game release, consequently we see malware authors jumping into the game,” he said in a blog post this week.
Epic Games has not acknowledged the issues but Google, the company behind the Android operating system, told The Independent it is removing videos which promote scams.
“Our Community Guidelines prohibit spam, scams, and other deceptive practices and we remove these video when we are made aware of them,” the spokesperson for YouTube said.
“We are committed to removing spam quickly, in many cases, preventing it from ever being viewed by users, while also making sure that we do not harm legitimate creators.”
Millions of views on YouTube for fake “How to install Fortnite on Android” videos including links to actual APK files.— Lukas Stefanko (@LukasStefanko) 12 June 2018
Don't install #Fortnite for Android, it’s all fake or malicious! Official app is not released yet.
They mostly generate revenue for developers. pic.twitter.com/xpDcqbs3G2
According to Mr Stefanko, only the Fortnite game is being used by cyber criminals to take advantage of unsuspecting web users due to its popularity.
“It is unique right now for Fortnite because of the hype around this popular game and the anticipation of an official announcement of a legitimate app,” he said.
“I’m not sure what Google or Epic Games can do about it. I guess there’s not much they can do, beyond spreading awareness.”