It’s no secret that hackers will stop at nothing to steal as much credentials as possible. They develop new schemes almost every day designed for injecting malware, keylogger scripts, and other types of bad files inside all types of devices. One particular trick they usually use involves copying a popular mobile game and passing it as the real one, tricking people into installing malware on their phones. Here are four good examples of such cases.
When the developers of the popular video game Fortnite announced that the game will be ported to Android, hackers used this opportunity to create a fake Fortnite app to trick enthusiastic users. The overly excited victims were instructed to download a certain APK file. Once installed, it will then instruct the user to download another APK file that contains the malware. Take note that the original Fortnite app hasn’t been released yet so any website claiming to have a copy of the real Fortnite app is obviously lying.
Back in 2016, Nintendo made headlines by releasing Super Mario Run, marking the first mobile game from the popular video game franchise. Obviously, hackers had to take advantage. Copycat apps started to pop out, the most prolific was the fake app “Super Mario.” It’s a playable game, but the game is the old SNES version. It also displays inappropriate ads from untrusted apps. Another version installs a third-party app store where users can install untrusted apps in case they want to ruin their phone.
The mere existence of a Cuphead mobile game app should already give users a hint. Cuphead was a big indie hit of 2017, so everyone was shocked to see a Cuphead app appear on the App Store one day. Everyone briefly forgot that it was a console game and thought it was real because it had convincing screenshots to boot. The fake app even copied the website of Cuphead’s developer for added authenticity. Fortunately, the fake app was swiftly taken down just hours before it was reported.
The release of Pokémon GO in 2016 sent everyone outdoors looking for rare pocket monsters. Others were sent to a frenzy after their devices got hacked or infected with malware because of fake Pokémon GO apps. A direct copy of the app contains a malware that allows the hacker to remotely control the victim’s device. Aside from that, a bunch of “guides” and “tricks” apps for Pokémon GO started sprouting on Google Play, further infecting gullible users who just want to catch a rare Nidoking.
The usual advice for these types of cases is to download apps only from trusted sources like App Store or Google Play Store. But sometimes, fake apps still wriggle their way into these legitimate stores. So always be vigilant about the apps you install. Do a quick research if possible and always read before granting an app certain permissions. That’s usually how they get you.