Security News

Fortnite's release on Android is not security-friendly

By

It’s finally here! One of this year’s most successful game Fortnite is finally available for Android devices since August 9th. This has been wished for by many Android gamers but this dream comes with the following caveats:

  • Device exclusivity – For the first 3 days this game can be installed only on Samsung devices.
  • No Play store – This device is not available on the official Google Play store, it has to be downloaded from Samsung Galaxy Apps Store

Issue I: Device Exclusivity
The issue with device exclusivity is that people have come up with ways to install this app on other devices. There are already modified versions of the app that overcome this – [PORT] Fortnite for Android with device check disabled (v5.2.0)

Then there are YouTube videos spreading on this topic:

We have already covered how YouTube videos are being used to propagate Fortnite related scams in one of our previous blog posts.
Issue II: Absence on Play Store
Another issue that may lead to serious implications is the fact that this app is not available on the official Android Playstore. This means users will have to allow “install from unknown sources” feature on their devices which is not safe. This may encourage users to take the dangerous route in the future as well.

Even before this, YouTube video scam has been propagating side-loading Fortnite apps. This move of not including Fortnite on PlayStore further encourages users to follow this route. However Google has taken a positive step by showing a notification that this app is not available on the Play Store to prevent users from installing a different app that may claim to be Fortnite:

We advise our readers to avoid installing Fortnite or any other app from a third party store as it falls outside Google’s protective umbrella. It may be tempting to give this game a try but please avoid doing so until this app is fully supported on the Play Store.

Sonicwall Capture Labs continues to protect users from fake Fortnite apps via the following signatures:

  • AndroidOS.Fortnite.AN
  • AndroidOS.DroidJack.MA_2
Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
New banking Trojan - Tatanga (Mar 4, 2011)
Microsoft Security Bulletin Coverage (Feb 23, 2017)
Reha ransomware targeting Arabic speaking countries.
3CX Desktop App compromised in a supply chain attack
RIG Exploit Kit (March 9th, 2016)
Unravelled VBE script drops Banking Trojan (Aug 28th, 2015)
ACH Transfer spams serve Banking Trojan (July 6, 2012)
ZBot IRS spam targeting Tax period (Mar 26, 2010)