Fortnite app for Android let hackers hijack players' phones, Google warns

Support truly
independent journalism

Support Now

Find out moreClose

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Editor

The Fortnite app on Android can be hijacked by hackers to instigate "worm" attacks on players, Google has revealed

Epic Games CEO Tim Sweeney acknowledged the issue, which allows other apps on a user's device to silently install unapproved software in the background, but said Google should have waited longer to reveal the problem.

The disagreement is the latest in a long-running dispute between the two companies and comes after Epic refused to make the Android version of its hit game available on the official Google Play store.

Mr Sweeney explained his decision to only make the Fortnite app available through the Epic Games website by saying the 30 per cent cut of sales that Google took could not be justified.

"The great thing about the internet and the digital revolution is that... physical storefronts and middlemen distributors are no longer required," he said at the time.

The popularity of Fortnite has made it a magnet for cyber criminals, with some targeting players before the Android version of the game was even released.

Fake versions of the app were shared across social media earlier this summer, some of which contained ransomware that encrypted all of the data on the infected device until the victim paid a ransom in bitcoin.

According to cyber experts, the latest vulnerability could be the first drop in a "flood of security problems" for Fortnite on Android.

"As Fortnite continues to grow in popularity, it will become a greater vector for launching malware and ransomware, with malicious actors possibly even pivoting to kinetic ransomware-style attacks," Lawrence Pingree, a cyber security specialist at SonicWall, told The Independent.

"With kinetic ransomware, victims are forced to complete an action to regain access to their encrypted devices... We saw this in April with the PUBG ransomware, which forced victims to play a game called PlayerUnknown's Battleground for one hour to decrypt the device. While this instance was benign, the potential implications are far reaching and quite dark."

Such instances of the malware, Mr Pingree warned, could eventually spread beyond individuals to companies or governments, forcing officials to carry out "sinister" acts to regain control of their systems.