- A fake APK that delivers all kinds of malicious software is promoted as an Apex Legends installer for Android.
- There are about 40 domains promising stuff for the game that actually deliver pieces of problem-inducing software.
- Many millions are interested in the game, forming a steady supply of victims for the scammers.
As reported by ESET’s prolific researcher Lukas Stefanko, multiple YouTube channels and various other promoters of malicious software have been pushing a fake Android package that supposedly is an Apex Legends port for mobile devices. The APK file has been downloaded over a hundred thousand times in just five days, which is indicative of the interest that people have in the particular game. The APK that is distributed most likely leads to the downloading of malware, or onto phishing landing pages, exactly as it happened with popular games in the past.
Remember #Fortnite Android malware?
Now, fake @PlayApex app spreads via YouTube video with link to actual APK that needs to be manually installed.
Video has over 600K views and 100K clicks on APK link in 5 days.
APK is not available now, but this can be easily changed by admin pic.twitter.com/til021wIPr
— Lukas Stefanko (@LukasStefanko) February 23, 2019
Apex Legends is the next big thing in gaming, having reached a staggering user base of 25 million players only a week after its official release, hitting Fortnite hard and further pulling the rug from under PUBG’s tottering feet. The sudden ballooning of this previously non-promoted or even teased game was enough to take EA out of the mud of controversy, raising the price of its share by 6% this month, while those of its competitors plummeted. This huge success has drawn the attention of scammers as well, who are always there to take advantage of hopes and wishes.
In this case, the hope was to have Apex Legends on Android, but the developers of the game (Respawn Entertainment) have not released such version yet, and the game is still only available for PS4, Xbox One, and Windows. In spite of that, many have been convinced that downloading an APK from an obscure source would really get them to play Apex Legends on their Android device, and so they voluntarily entered the realm of exploitation. The actual game itself is not the only way that scammers try to trick people though.
this one leads to malicious flash updates:
— Phishing AI (@PhishingAi) February 25, 2019
As reported by Phishing AI, there’s a large collection of domains that try to hand out all kinds of malicious elements, ranging from malware to trojans, and backdoors to adware. These domains promise people with aimbots for Apex Legends, in-game coin winnings, cheats, add-ons, and more. Of course, all of them are fake, but that doesn’t stop the flow of victims as the game’s popularity is always bringing more in.
Are you playing Apex Legends right now? Would you play the game on Android and iOS when it’s launched for these platforms? Let us know in the comments section below, and help us spread the word by sharing this post through our socials, on Facebook and Twitter.