Fake Apex Legends: The battle royale of malware

March 1, 2019

These past couple of years, the battle royale (last player standing) genre has conquered gaming hearts and minds. In early February, the world-beating Fortnite and PUBG were joined by another smash hit in the form of Electronic Arts’ Apex Legends (25 million downloads in the first week). As with the other two titles, fans are waiting with bated breath for the mobile releases of Apex Legends. On this score, EA is dragging its feet. Cybercriminals, however, are licking their chops.

Malware disguised as Apex Legends for Android

Free download of Apex Legends for Android APK, no SMS or registration required

We’ve already talked about the risks facing Fortnite for Android fans as a result of Epic Games’ decision not to publish the mobile version on Google Play. As for EA’s Apex Legends, there is no talk yet of any app for Android at all. But impatient fans are looking for one nevertheless — and where demand goes, supply follows.

An online search for “download apex legends android” or “apex legends mobile download” will serve up links to sites offering APK files (the package format for Android apps) supposedly containing an installer for the game. The file name is usually convincing: ApexLegends.apk or apex.legendsmob.apk.

Download page of fake Apex Legends APK

Download page of fake Apex Legends APK

Likewise, there are videos on YouTube with instructions on how to download and install the game, which, as mentioned, does not yet exist. The video descriptions naturally include a link to the required resource.

Plainly missing from the search results is the website of the official developer. All links point exclusively to third-party resources, which should cause alarm bells to jingle.

Apex Legends becomes Trojan menace

If you succumb to temptation and try to install the “game” you found by searching or from a YouTube link, your battle royale with friends will turn into a battle not-so-royale with ads. That’s because you have most likely just downloaded the FakeFort Trojan.

This is the same ad-serving Trojan that cybercriminals foisted on users under the guise of Fortnite for Android. Under a more or less plausible pretext, such as “device verification,” the malware tries to download a whole set of apps that are totally unnecessary and often dangerous. The victim might also be required to take a “very important survey,” as well as view a couple of dozen advertising banners and commercials.

Of course, even after all that hassle, the promised mobile version of Apex Legends never starts. To add credibility, the user is even shown an introductory video from the game, and only then do the demands to install additional apps and take surveys start popping up.

Don’t trust the Internet

Our primary tip for gamers looking for this (or any) game online is to make sure that it actually exists — the very first page of Google search results has links not only to fake installers, but also to recent articles saying that the mobile version of Apex Legends has not yet been released.

If an app has just been announced, find out the release date and wait for it. And even after the Android version has been officially released, at least follow these basic security rules:

  • Download Android apps only from trusted sources, primarily Google Play. If for some reason the developers choose not to publish the game there (as was the case with Fortnite), their official website will suffice. The probability of picking up a malware infection is far lower when using official sources.
  • Use a reliable security solution. For example, the free version of Kaspersky Internet Security for Android lets you scan downloaded apps and catch uninvited guests. The paid version does that automatically during download and warns of any potential risks.