Gamers Beware: GTA Beta Version Weaponized with Malware by Hackers

The announcement made by Rockstar Games that Grand Theft Auto VI (GTA VI) will be released for the PlayStation 5 and Xbox Series in the autumn of 2025 has opened a door for cybercriminals. 

Researchers identified malicious Facebook advertisements promoting fake, downloadable PC versions of GTA VI as a free beta, which exploits the hype surrounding the upcoming release and tricks users into potentially downloading malware disguised as the anticipated game. 

Three identical ads

A Facebook page launched a social engineering campaign between July 16th and 18th, 2024, by utilizing three sponsored ads offering unauthorized access to a non-existent GTA beta version. 

The advertisements were directed toward a large European audience between the ages of 18 and 65, with a particular emphasis on France, Poland, Romania, Germany, and a number of other countries. 

While the malicious campaign itself appears to be inactive as of July 19th, it potentially reached hundreds of users before being taken down, highlighting the vulnerability of social media platforms to phishing attempts and the need for increased user awareness regarding such scams. 

Scam campaigns are targeting gamers with fake GTA VI beta download ads, and clicking the “download now” button on these malicious webpages leads to a Dropbox download containing malware. 

Promotion of the game

The same domain hosting these fake downloads is also suspected to be part of an Ethereum scam, as evidenced by its content and recent creation date (June 27, 2024). 

Security researcher Andrei Mogage distributed malware disguised as a Grand Theft Auto VI (GTA VI) installer. The attacker leveraged Facebook ads to spread an MSI file, mimicking a legitimate installation process that functioned as a downloader, similar to the FakeBat loader malware.  

Advertisement on facebook

The downloaded payload likely utilizes PowerShell scripts to achieve its malicious goals. It’s important to note that FakeBat typically uses the MSIX format, but attackers can pay extra for the MSI version. 

FakeBat loader malware leverages deceptive advertisements to distribute information stealers and RATs (Remote Access Trojans) as next-stage payloads, which can infiltrate compromised systems to steal credentials, financial information, or even deploy ransomware for further extortion. 

The analysis by Bitdefender identified currently available samples as malfunctioning, preventing them from launching subsequent payloads or initiating data exfiltration processes. However, this doesn’t guarantee the attackers won’t modify the malware to exploit potential victims.  

Since cybercriminals are profit-driven, it can be expected that they will refine the FakeBat loader and its payloads to bypass security measures and successfully compromise systems.

Also Read:

Kaaviya
Kaaviyahttps://cyberpress.org/
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.

Recent Articles

Related Stories

LEAVE A REPLY

Please enter your comment!
Please enter your name here