Scam of the Week – Apex Legends fans targeted with Phishing and Malware Campaigns

March 28, 2019 1:15 pm Geraldine Strawbridge

Fraudsters are attempting to cash in on the massive success of ‘Apex Legends’ by targeting fans with a fake mobile app version of the game loaded with malware.

Apex Legends is a free-to-play battle royale game developed by Respawn Entertainment and published by Electronic Arts. The game was released on February 4, 2019, and it has already amassed a global audience of 25 million players.

At the current time, the game can only be played on a PC, or consoles like the PS4, Nintendo Switch or Xbox one. However, there is a huge demand for a mobile version of the game and hackers have been quick to capitalise on this increase in demand to launch their malicious scams.

When gamers search online for ‘Apex Legends Mobile Downloads’, they are presented with links that supposedly contain an installer for the game as seen below.

Image: Apex Legends fake download page: (Source: Kaspersky)

Despite appearing legitimate, the fake app is an adware downloader that generates a profit for its developer by displaying online ads to the victim. The links are also capable of delivering a much more damaging and destructive malware.

Fake videos have also appeared on YouTube providing users with advice on how to download and install the game. To access the content, users are instructed to a click on a link, which will either directly infect their device with malware, or bring them to a phishing website where they will be targeted with yet more scams including the Apex coin scam and other game cheats.

Up to 100,000 people have already fallen for the scam, however YouTube has since confirmed it has removed the malicious content from its site.

Image: Apex legends Scam videos on YouTube (Source: Bleeping Computer)

The malicious campaign bears striking similarities to the tactics that were used to target ‘Fortnite’ players in late 2018. Both games have become massive viral hits, that unsurprisingly, have attracted the attention of cybercriminals who are keen to exploit this mass market.

To avoid being scammed online, you should always double check the validity of a URL, only buy apps from trustworthy sites, never click on links or download attachments from unknown sources, and if something doesn’t seem right about a site then you should leave immediately.

If you’re looking to start a phishing awareness campaign or would like more information on how to protect yourself online, contact us to find out how we can help.