Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
If you’re into gaming, you’ve probably heard of Fortnite: Battle Royale. Epic Games’ popular new online title debuted on consoles and PCs in September 2017, on iOS this April, and finally on Android for a handful of device models (Samsung Galaxy S7 / S7 Edge , S8 / S8+, S9 / S9+, Note 8, Note 9, Tab S3, and Tab S4) on August 9th. Unlike iOS, users can side-step the Android Google Play portal and sideload un-curated apps without needing to jailbreak the device or performing other unsanctioned activities. For Android, sideloading involves installing an from outside of the official Android package repository.. Epic took full advantage of that openness in the Android platform as a way to avoid letting Google take a 30% cut of their sales by distributing the game through their own website instead.
If you want to install Fortnite: Battle Royale on your Android device, I urge you to go to fortnite.com/android. That URL will redirect you to a different page on https://www.epicgames.com depending on your geography. If you find Fortnite for Android hosted somewhere else, it’s probably trojan malware. At least seven phishing sites have appeared in recent days for the sole purpose of distributing fake Fortnite game Android trojans. By downloading one, you’ll almost certainly end up seriously compromising the security of your Android device and its data, rather than enjoying a fun and legitimate game app. Some of the phishing sites even go to the effort of spoofing the UI of the Google Play Store.
Some cybersecurity professionals think that Epic’s decision to distribute their Android game themselves rather than through the curated Google Play Store is a terrible idea. Falanx Group’s Rob Shapland said
“Epic Games’ decision to publish the Android version of Fortnite outside of the Play Store is a very poor choice for the security of their players. Android devices are already far more susceptible to malware than Apple devices, with the greatest protection being to always download apps from the Play Store as these apps are screened for malware, which prevents most malicious apps from being installed. By encouraging users to download Fortnite outside of the Play Store, Epic Games leave their players vulnerable to malicious copycat apps being installed accidentally if they go to the wrong site. (Epic Games’s decision) normalises the behavior of downloading apps from outside of Play Store, which can only lead to more malicious apps being installed in the long term.”
Side-loading outside of Google Play isn’t the first major malware problem that’s associated with Fortnite. In June, 2018, Rainway, online gaming platform Rainway noticed a major cyber-attack that targeted the Windows version of Fortnite. Sometimes gamers like to cheat and freeload; YouTube videos have appeared claiming to show people how to acquire free “V-Bucks” (Fortnite’s in-game currency) and an “aimbot” which is supposed to make it easier for players to shoot their enemies. If an offer like this sounds too good to be true, it probably is!
Rainway CEO Andrew Sampson wrote
“On the early morning of June 26th, we began receiving hundreds of thousands of error reports to our tracker. Not feeling very excited to see such an influx of events on a Tuesday the engineering team was a bit flustered, after all, we hadn’t released any updates to that particular piece of our solution.
It became pretty clear soon after that this new flood of errors was not caused by something we did, but by something someone was trying to do.
Rainway’s team eventually traced the odd traffic to Fortnite cheating trojans that facilitated HTTPS man-in-the-middle attacks!
“We then spun up a virtual machine and ran the hack, it immediately installed a root certificate on the device and changed Windows to proxy all web traffic through itself. A successful Man in the Middle Attack.
Now, the adware began altering the pages of all web request to add in tags for Adtelligent and voila, we’ve found the source of the problem — now what?
We began by sending an abuse report to the file host, and the download was removed promptly, this was after accumulating over 78,000 downloads. We also reached out to Adtelligent to report the keys linked to the URLs. We have not received a response at this time. SpringServe quickly worked with us to identify the abusive creatives and remove them from their platform.”
If you ever want to download any video game or DLC from outside the official platform store (for example, for PS4, the Sony PlayStation Store where each application is curated, signed and packaged), make sure you do so from the game developer’s official website. If you’re not confident about the site being the developer’s own, don’t take the risk. Err on the side of caution by not downloading in the first place.
I hope that, as Epic ports Fortnite to more Android devices in the future, they change their mind and switch distribution to the Google Play Store. But with mobile software as with Pandora’s (loot) box, once opened, it’s almost impossible to close..
Fortnite trojans reflect a malware trend that Comodo research has observed lately, specifically pertaining to Android. Read more about the rise of Android trojans of all kinds in the latest Comodo Global Threat Report for Q2 2018
Internet Security Program
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
See how your organization scores against cybersecurity threats