After Epic Games, the company behind the hit battle royale game Fortnite, declined to offer the game on Google Play and made it available for download only from the Epic Games website,
we asked ESET malware researcher Lukáš Štefanko for his views on the threats we may encounter as a result.
Perhaps most importantly, what advice would you give to Fortnite players to stay safe?
Normally, I would urge everybody to stick to Google Play, but for obvious reasons this doesn’t help in this case. The crucial thing here is to download Fortnite’s Android app only from Epic’s website and, once you install it, make sure that you immediately revoke the permission to install apps from “unknown sources”. That will reduce your risk of downloading malware in the future. Under no circumstances should you download the app or what is, in fact, likely to be its malicious imposter, from non-official app stores, torrents, or other shady sources.
Let’s size up the threat now. Just how much of a problem does Epic Games’ move represent?
Put simply, the way in which the game is installed increases the susceptibility of users to a device compromise, be it due to their installing a fake app from an unofficial source or forgetting to disable the “unknown sources” option once Fortnite is installed.
Did you see this coming? Did you expect that a massively popular app would, one day, sidestep Google Play?
Honestly, no. On the other hand, I fully understand that major app developers with massive player bases might want to trigger a bit of a “shake-up”, especially considering that Epic Games CEO Tim Sweeney has referred to Google Play’s 30-percent transaction fee (levied against the vendor) as a “store tax”. But for the sake of security, I hope other app developers don’t follow in Epic’s footsteps.
Threats come in many different shades and hues, but is there any one kind of threat that Fortnite’s players should be particularly wary of?
Malicious YouTube videos that promise extra game features or giveaways and prompt gamers to download apps that purport to complement Fortnite, but whose effects are malicious rather than beneficial.
How exactly can things go awry for users?
For example, victims can end up with fake apps that spy on them, steal their Fortnite accounts, add unexplained charges to their bills by sending premium-rate text messages on their behalf, or lure them into completing “surveys” that request their personal information. Fortnite has been so popular, and the Android version so highly anticipated, that attackers can sneak any malicious code you can think of into the unofficial app. Which is also why a robust security app can go a long way towards enhancing your defenses.
What are the telltale signs of an infection post-installation?
The most common way to identify a scammy app is noticing that as soon as it is launched, it disappears from the victim’s view. This is not to say that the app has been removed; it’s just hidden from the victim’s view and operates in the background, in which case it can do sneaky things without your being aware of them.
What’s the usual chain of events after someone takes the bait and, say, clicks on a dodgy link?
First of all, the lead-up to the compromise evokes trust and imitates the installation process for the bona fide app. After clicking on a link to the purported Fortnite app, you’re redirected to a lookalike version of the legitimate website, and you’re prompted to download the app’s latest version. When you download the installer, you need to install the app manually, but not before changing the device’s settings and permitting app installations from unknown sources. That’s it. If the app was malicious, your device is compromised.
What should you do after realizing that your device has been compromised with malware?
You need to locate the app in App Manager. However, this is often easier said than done, as the app may not be called Fortnite at all there, since it might impersonate other apps, including system apps. A better way to counter the threat is to install security software.
Where does the user’s responsibility for staying safe lie?
Users are responsible for checking whether an app on Google Play is genuine, for example by reading user reviews or going through the app’s description and comments. That way, they see a bigger picture and can decide for themselves if an app is safe for download or if they should choose another one.
What are your thoughts about Google Play security in general?
Our own research has shown multiple times that Google Play’s built-in protections aren’t impregnable. Having said that, although the store isn’t a “Fort Knox of security”, it does a good job of fighting harmful apps, and if such an app is detected, they remove it promptly.
Author: Tomáš Foltýn
Translated by: Worapon H.