With somewhere around 45 million active players, Fortnite is about as hot as it gets in the gaming world right now. The wildly popular “battle royale” game is available for PC, Playstation and Xbox. There’s even a mobile version.
It’s only available for iOS right now, however. Epic Games hasn’t yet announced anything official about an Android version. With tens of millions of eager players awaiting its arrival, scammers are all too happy to fill the void (Update: Epic Games has now announced that an Android version will arrive this summer).
According to security firm Zscaler, fake Fortnite apps have started appearing. While most of the apps Zscaler spotted were being distributed through third-party app stores, one was hiding in plain sight on Google Play.
The bogus apps are packed with malicious capabilities. Zscaler observed one malicious app harvesting call logs, contact lists, and SMS messages. The malware can also place calls and send SMS messages, functions that can allow scammers to earn money off their victims.
Its spying capabilities run even deeper. The malware can activate a device’s microphone to record audio, snap pictures, and record keystrokes. Once an infected device has outlived its usefulness, the malware can completely wipe all data to cover its tracks.
Another app examined by Zscaler hid a cryptocurrency miner. While not necessarily as scary due to its lack of privacy-invading functions, crypto mines pose another serious risk. Similar malware has physically damaged infected phones.
How is that possible? Because mining for cryptocurrency like Bitcoin or Ether can be incredibly hard on a device’s processor. The more work a chip does, the more heat it creates. When a malicious cryptominer goes to town on a smartphone things can go south in a hurry because lithium batteries really don’t like to get hot.