Dozens of malicious apps infected with the malware are being distributed via the Play Store and alternate app stores such as APKpure and APKCombo, often targeting users to spy on their habits and steal data.
According to security firm Kaspersky, this malware campaign has been live for over 4 years, and is likely the work of the OceanLotus advanced persistent threat (APT) group, thought to be based out of Vietnam.
> Fortnite became available for Android on Aug. 9, starting with Samsung Galaxy devices, and then became available for all of Android on Aug. 12. Google brought the vulnerability to Epic Games' attention on Aug. 15. Epic Games immediately acknowledged its mistake and fixed the bug with version 2.1.0 of the launcher on Aug. 16.
Iirc the issue was that they first downloaded a file and then ran it. Thus there was a short window of time where someone can tamper with the file before it's running. Far from being a security nightmare it was a subtle flaw, and fixed quickly.
https://www.techradar.com/news/phantomlance-malware-breaches...
Dozens of malicious apps infected with the malware are being distributed via the Play Store and alternate app stores such as APKpure and APKCombo, often targeting users to spy on their habits and steal data.
According to security firm Kaspersky, this malware campaign has been live for over 4 years, and is likely the work of the OceanLotus advanced persistent threat (APT) group, thought to be based out of Vietnam.