Rockstar Games’ announcement about the upcoming videogame release in the long-running Grand Theft Auto series has been on every gamer’s lips this past year.
GTA VI is scheduled for an Autumn 2025 release on PS5 and the Xbox Series, with PC gamers having to wait a bit longer. However, this hasn’t stopped threat actors from exploiting the highly anticipated action-adventure game from the US-based game publisher.
Bitdefender researchers have spotted highly suspicious Facebook ads promoting fake GTA VI beta versions that are free to download on PC.
Here’s what we found:
- A Facebook page has been promoting free access to the GTA beta version for the first 100 people via sponsored Facebook ads between July 16-18.
- The page has been running three separate ads, both using the same message and visuals; As of July 19, none of the malicious ads remain active
- The potential reach of these ads is in the hundreds of people, and according to Meta’s EU transparency policy, the targeted audience is between 18 and 65 years of age. Furthermore, the demographic breakdown shows the malicious ads targeting users in Europe, including France, Poland, Romania, Germany, Spain, Hungary, Italy, Greece, the Netherlands, and Sweden, among others.
The ads invite gamers to join the GTA VI beta release and download the version onto their device. The Download button associated with the ads leads users to a malicious webpage, as seen below:
Upon clicking the “download now” button above a fake download counter, a malicious sample is downloaded from Dropbox.
This malicious domain also seems to be hosting an Ethereum scam on its index page, which was created June 27, 2024.
Here’s an analysis of the malicious sale conducted by security researcher Andrei Mogage:
The MSI file downloaded through the Facebook ad impersonates a legitimate installer for GTA VI and mimics an installation process. The file itself is malicious, with many similarities with FakeBat loader malware.
This conclusion is drawn by the modus operandi: using an MSI file posing as legitimate software to deploy malicious payloads constructed by other operators, along with PowerShell scripts.
(Note: Latest versions of FakeBat usually include a MSIX instead of MSI, although operators can explicitly pay for the MSI format.)
FakeBat loader malware has been widely distributed through fraudulent websites and ads to aid the download of next-stage malware such as info-stealers and RATs (Remote Access Trojans) that exfiltrate credentials and financial info from compromised systems, or even ransomware.
Our researcher noted that the three malicious samples available to download from the three ads are “broken” and cannot finalize their execution to launch additional payloads onto users' devices or initiate any data exfiltration processes.
Given these setbacks, it’s not uncommon for the threat actors behind the campaign to begin tweaking their malicious software and start monetizing the potential victim pool.
Bitdefender’s Ionut Baltariu, an avid gamer himself, urges users to exercise caution and avoid posts, ads, or messages promoting early access to the anticipated GTA game installment.
Here’s how you can stay safe:
Bitdefender security solutions block new and existing threats.
Boost your online safety by choosing Bitdefender's security solutions. Then, enjoy the perks of customizable user profiles designed to reduce system workload and slowdowns for an uninterrupted gaming experience.
We’ll temporarily halt pop-ups and alerts and postpone any automatic updates or scheduled systems scans so you can fully enjoy your game session while continuing to benefit from award-winning threat detection.
You can now benefit from our special summer sale packages, here.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsDecember 19, 2024
November 14, 2024