Hackers and scammers are taking advantage of the excitement surrounding HBO’s new adaptation of the popular video game franchise The Last of Us. Last week, Kaspersky researchers shared details of two separate campaigns — a scam designed to infect PCs with malware and a phishing ploy designed to steal banking information and other financial data.
“Gamers are a popular target for cybercriminals, because, in addition to personal information, passwords, and bank card data, scammers may steal their gaming accounts with internal currency and rare skins, for example, using stealers,” Kaspersky told VPNOverview. Following HBO’s Sunday night premiere, the researchers warned that scams connected to the franchise are likely to increase drastically.
Scam Site Offers ‘The Last of Us Part II’ for PC
The first of the two scams involves a website offering “The Last of Us Part II” for download. Anyone who attempts to download this fraudulent game will get malware on their device. “Most often, players get malicious software, stealing sensitive data, on their devices when trying to download a popular game from a third-grade website instead of buying it on the official one,” Kaspersky said.
The researchers noted that malware could remain hidden on a device and go “undetected for years.” “Users will not know that something is wrong because it may not cause any visible harm, while silently doing its job,” they said.
A PC remake of the first part of The Last of Us is slated for a March 2023 release; both games are currently exclusive to PlayStation and not available for download.
While Kaspersky didn’t provide specific details about the malware in this campaign, it could be anything from info-stealing Trojans to data-encrypting ransomware. Gamers also run the risk of being exposed to adware and cryptojacking schemes, Kaspersky said. According to a 2022 report on gaming-related cyber threats by Kaspersky’s Securelist, between July 2021 and June 2022, about 384,224 gamers encountered thousands of pieces of malware disguised as games.
Phishing Site Targeting Payment Data
The second scam involves a website that offers an activation code for The Last of Us on PlayStation. The phishing site bundles the code with a “gift,” such as a PlayStation 5 or a $100 Roblox gift card. To receive the code and the gift, users must pay a commission fee, and to pay it, they are asked to enter their credentials and credit card data. Victims of this scam are left with nothing in return, the researchers said. The scammers could use the stolen data to conduct various types of online fraud.
“Cybercriminals actively lure their victims with trendy games: for example, by offering a free download of a game that may be very expensive on Steam, or by distributing games that have not yet been officially released,” Kaspersky said. “And not just games – gamers can download something that looks like Discord from a third-party site, but will actually turn out to be malware.”
In the span of a year between 2021 and 2022, there were over three million phishing attacks on online gaming platforms, Kaspersky’s Securelist report said. Most of these social engineering attacks were designed to steal gamers’ account credentials and financial data.
New Fans Should Exercise Caution
Malicious actors are thought to be targeting the new enthusiasts the HBO series brings to the franchise, as long-time fans and players are likely to be up to date on the latest release information and cybersecurity practices.
“The Last of Us will be a real boom in early 2023, considering how many years millions of fans have been waiting for the series,” said Olga Svistunova, a security expert at Kaspersky. “Curiously, now, instead of offering pre-access to the series, cybercriminals have chosen a different path and are distributing malicious files under the guise of a game.”
“This shows that gamers, especially the new ones who don’t yet know enough about cybersecurity when playing, are among the main target audience for cybercriminals, and they will come up with more and more ways to exploit them,” Svistunova added.
The best way to stay ahead of such scams is to exercise caution. Only download video games from official sources and trusted websites. If you come across any deals that seem too good to be true, do a quick Google search to check their legitimacy. Cybercriminals can also target gamers outside gaming platforms and forums, using malware disguised as legitimate software.
Kaspersky recommends activating two-factor authentication and using unique, secure passwords for all your online accounts. Also, keep your operating systems and apps updated. Kaspersky also publishes a complete list of security tips for gamers.
We highly recommend installing a solid antivirus as an additional layer of protection. Our detailed reviews of Norton360, Bitdefender, and Kaspersky are a good place to start.