Scammers Target Fans of 'The Last of Us' with Malware and Phishing Attacks
HBO released the first episode of its highly-anticipated series The Last of Us last week, but it hasn’t all been smooth sailing. Apart from the HBO Max app crash we reported on last week, the game upon which the series is based is now the victim of hackers and phishing scammers. Kaspersky, a privately owned cybersecurity company, has warned that since the launch of the series, scams connected to the gaming franchise are likely to drastically increase.
Recently, Kaspersky's researchers uncovered two different malicious campaigns, one involving malware injection on PCs and the other a phishing scheme to steal financial information such as banking data. In a recent interview with VPNOverview, Kaspersky stated that ‘Gamers are a popular target for cybercriminals, because, in addition to personal information, passwords, and bank card data, scammers may steal their gaming accounts with internal currency and rare skins, for example, using stealers.’
The first of the scams involves a website that pretends to offer a game called ‘The Last of Us Part II’ for download, but in reality, it’s nothing more than an elaborate trap. Anyone who attempts to download it will end up with malware on their device. ‘Most often, players get malicious software, stealing sensitive data, on their devices when trying to download a popular game from a third-grade website instead of buying it on the official one.’
Kaspersky also warned that malware could escape users’ attention for years after infecting their devices. ‘Users will not know that something is wrong because it may not cause any visible harm, while silently doing its job.’
Kaspersky did not provide specific information about the type of malware used in this campaign, but it can be in various forms, such as Trojans that steal personal information or ransomware that encrypt data. Gamers are also at risk of being affected by adware and crypto-jacking. As per Kaspersky's Securelist 2022 report on gaming-related cyber threats, between July 2021 and June 2022, around 384,224 gamers fell victim to thousands of malware disguised as games.
The second scam centers around a website that purports to offer an activation code for the game ‘The Last of Us’ on Playstation. The website, which is a phishing site, offers a ‘free gift’ such as a PlayStation 5 or a $100 Roblox gift card along with the code. To get the code and the gift, users are asked to pay a commission fee. In order to make the payment, the phishing site prompts the victim to enter their personal information, including credentials and credit card details. According to the researchers, victims of this scam do not receive anything in return. The scammers can then use the stolen personal information for all sorts of online fraud practices.
Kaspersky added that ‘Cybercriminals actively lure their victims with trendy games: for example, by offering a free download of a game that may be very expensive on Steam, or by distributing games that have not yet been officially released, and not just games – gamers can download something that looks like Discord from a third-party site, but will actually turn out to be malware.’
The Last of Us: TWENTY YEARS LATER
Me: pic.twitter.com/nBPUaGvTHy
— Joe Gunn (@joegunn) January 18, 2023
Kaspersky's Securelist report states that there were more than three million phishing attacks on online gaming platforms in the year between 2021 and 2022. Most of these attacks were aimed at tricking gamers into giving away their account credentials and financial information.
It is believed that malicious actors are targeting new fans of the HBO series, as they may be less informed about the latest release and cybersecurity practices compared to long-time fans and players of the franchise.
Olga Svistunova, a Kaspersky security expert, says that ‘The Last of Us will be a real boom in early 2023, considering how many years millions of fans have been waiting for the series. Curiously, now, instead of offering pre-access to the series, cybercriminals have chosen a different path and are distributing malicious files under the guise of a game. This shows that gamers, especially the new ones who don’t yet know enough about cybersecurity when playing, are among the main target audience for cybercriminals, and they will come up with more and more ways to exploit them’
Times are changing, and cybercriminals are getting more advanced and creative in their attempts at robbing you of your financial freedoms. Kaspersky recommends that in order to safeguard yourself and your information, you should enable two-factor authentication and always use unique, secure passwords. We recommend also keeping your software, apps, and operating systems up to date, as most of them come with built-in security upgrades.
Advertisement
