Fake Fortnite apps for Android in circulation


The video game “Fortnite” is currently very popular among young gamers. A version for the Android operating system has been announced for this summer by the developers. Cybercriminals are aiming to play on the impatience of fans and are distributing fake apps.These also include supposed instructions on popular video portals such as YouTube on how to install it on Android. The target group for the videos is younger gamers, who end up installing useless apps on their devices that, for example, lure them into expensive subscription or contain malware. A third-party vendor block - and attentive parents - can significantly reduce the risk of youngsters falling into the fraudsters’ trap. G DATA informs about the criminals' scam and gives parents and gamers tips on how they can protect themselves.

What is Fortnite?

Fortnite (proper name Fortnite Battle Royale) is a video game that is currently available for PC, Mac, consoles and iOS. According to developer information, the game currently has 125 million registered users and addresses a relatively young target group - the retail version bears the USK (Entertainment Software Self-Regulation Body) “12 and above” seal. The publication of the iOS version shows how successful it is. In the first three weeks alone, Fortnite recorded revenues of over 15 million dollars. That is a higher revenue than Pokemon Go, for example. Currently, the developer earns around $1 million a day with Fortnite only on iPhone and iPad.

Fortnite's popular Battle Royale mode is quickly explained: A total of 100 players compete on a small card in this third-person shooter. The goal is simple: the last person standing has won.

The developers of the game have announced an Android version of Fortnite for the summer of 2018. As Fortnite has already been available for iOS for some time, the impatience among Android users is also naturally increasing.However, the problem for the developers is the diversity of Android. There are numerous devices that use different versions of the operating system. A complex app must therefore function simultaneously on every Android device, or otherwise incur the wrath of gamers. G DATA has denounced this dilemma numerous times in the past, as it also poses a risk for IT security. Criminals will exploit this curiosity and impatience when Fortnite for Android finally appears.

Subscription and malware traps

Dozens of videos on portals such as YouTube offer supposed instructions for installing Fortnite on Android devices. New clips are added every hour. These fraudulent videos are designed to adress younger gamers. In the end, they install non-functional apps on their devices, which only cause damage and frustration instead of fun. We have identified four popular scams here:

Scam 1: Fake sites pretend to belong to the developers and offer supposed Fortnite apps. Users are asked to enter their mobile number on these websites. In the small print it says that the users are agreeing to an SMS subscription for three to seven Euros a week. In one example, no fewer than three subscriptions were agreed at the same time.

Scam 2: Equally risky is the scam where malware gets into the system via a manipulated app. This Remote Access Trojan (RAT) gives the cyber criminals full access to the device. In this way, sensitive data can be stolen or more malware subsequently installed.

Scam 3: Another fraudulent scam is fake apps that target access data.

Scam 4: Other developers try to use an alternative of the app with a similar sounding name to profit from the enthusiasm for Fortnite.

G DATA security solutions protect customers from this malware and block such phishing sites.

G DATA tips:

  1. Only download apps from official sources: Google checks applications uploaded to its own store for malware. Suspicious or malicious applications are usually rapidly removed from the Play store. However, on platforms that are not checked by Google or the smartphone manufacturers and where there is no filtering, the risk of picking up a malicious app is generally significantly higher.
  2. Set up third-party vendor blocks: A “third-party vendor block” can be set up with the mobile network provider. This makes it impossible for expensive subscriptions to be agreed. Providers have various names for this, such as “Added value services”. The provider is legally required to set up such a block at the request of the mobile network user.
  3. Install a security solution: Users should also install a security solution on their Android smartphone, such as G DATA Mobile Internet Security. This has recently been selected again as a winner by AV-Test.
  4. Parents should support their children: Parents should be open to their children's experiences and interests on the net. Mothers and fathers should be shown the applications and talk about their children's experiences with the online media. Parents should be aware of the possible dangers on the Internet so that they can also make their children aware of them.

Informationen for fellow researchers