Multiple reports have emerged of Android malware packages being disguised as Fortnite, the Epic Games multi-player battle royale-style shooting game, and experts want users to exercise caution, and make sure friends and family do the same, when seeking out copies of the game.
Malwarebytes researcher Nathan Collier said this week that the malware has been luring in users through both search queries and YouTube video ads.
In some cases, the scammers have taken things even further by using the app icon and loading screen from the game, then presenting the payload as a "new update" to the game that requires a "bot verification" process consisting of downloading and installing additional apps on the user's device.
You can see where this is going. Those additional downloads net the scammers a commission, and the user will keep authorizing them in hopes of getting their fake copy of Fortnite to run.
"The scheme goes like this: Get a couple of over-excited people salivating for a chance to play Fortnite on Android, and get paid," Collier explains.
"The more downloads that come from the website shown above, the more money the malware developers can make. With the app being so simplistic, the amount of development effort is pretty low for the amount that could be potentially gained."
One sure-fire way to avoid the scam is to simply wait for the legit version of the game to come out on the Google Play service. Epic has said the Android port will be arriving this summer, though no specific date has been announced.
Still, with the much-hyped game getting attention from both gamers and interested parents alike, scammers are finding a ready and willing pack of targets.
"The temptation for enthusiasts, blinded by fandom and the inevitable peer kudos of getting to play early, combined with the real advantage of not being subjected to real post-release media spoilers, is such that it subverts the good sense to prevent one exploring the realm of questionable websites and dodgy video instructions only to be led down the path to malicious game-ending malware," explained Steve Giguere, lead EMEA engineer at security vendor Synopsys.
In short, those who administer Android devices, or just those who share or manage devices for friends and family members, should keep a close eye out for any dodgy downloads.