Fake Apex Legends: The Battle Royale of Malware (Mar 1, 2019)
Researchers have found that the new video game title “Apex Legends” is being used for malicious purposes by threat actors. The game, created by Epic Games, is not available as a mobile application, and this is where threat actors see opportunity. As with another popular game, Fortnite, threat actors have created fake downloads of the game purporting to be for various operating systems such as Android, iOS, and PC. These download locations do not show any official developer input on the game, which is indicative of fraudulent software, and there are also videos on YouTube that show how to download these fake game installers and provide a link to the download page. The downloaded installer does not launch any sort of game; instead, it was found to install the “FakeFort” trojan, which displays advertisements on the affected device so that actors can gain an illicit profit.
Recommendation: Any free application should be viewed with some scrutiny, particularly those that are not downloaded from official stores such as the App Store or Google Play store. This tactic has the potential to be effective in tricking children into downloading the fake installers, which could potentially result in actors gaining control of a device and pivoting to others inside a network if the device was borrowed from a parent or guardian. While this malware is not an information-stealer or a backdoor, actors could implant different types of malware in these fake games.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.