Cybercriminals target fans of The Last of Us with recent malware and phishing scams

Hackers and scammers have recently been taking advantage of the excitement surrounding HBO’s new adaptation of the popular video game franchise The Last of Us.

Technology expert Prateek Jha from VPNOverview.com warns fans of the franchise about two scams circulating right now.

Recently, Kaspersky researchers shared with VPNOverview details of two separate campaigns: a scam designed to infect PCs with malware and a phishing ploy designed to steal banking information and other financial data.

“Gamers are a popular target for cybercriminals because, in addition to personal information, passwords, and bank card data, scammers may steal their gaming accounts with internal currency and rare skins, for example, using stealers,” Kaspersky told VPNOverview. 

Malware scam offering ‘The Last of Us Part II’ for PC

The first of the two scams involves a website offering “The Last of Us Part II” for download. Anyone who attempts to download this fraudulent game will get malware on their device.

“Most often, players get malicious software, stealing sensitive data, on their devices when trying to download a popular game from a third-grade website instead of buying it on the official one,” Kaspersky said. The researchers noted that malware could remain hidden on a device and go “undetected for years.” “Users will not know that something is wrong because it may not cause any visible harm while silently doing its job,” they said.

A PC remake of the first part of The Last of Us is slated for a March 2023 release; both games are currently exclusive to PlayStation and not available for download. According to a 2022 Kaspersky report on gaming-related cyber threats, published on Securelist, approximately 384,224 gamers encountered thousands of pieces of malware disguised as games between July 2021 and June 2022.

Phishing scam targeting payment data 

The second scam involves a website that offers an activation code for The Last of Us on PlayStation. The phishing site bundles the code with a “gift,” such as a PlayStation 5 or a $100 Roblox gift card. 

To receive the code and the gift, users must pay a commission fee by entering their credentials and credit card data. Victims of this scam receive nothing in return, and the scammers could use the stolen data to conduct various types of online fraud.

“Cybercriminals actively lure their victims with trendy games: for example, by offering a free download of a game that may be very expensive on Steam, or by distributing games that have not yet been officially released,” Kaspersky said. “And not just games – gamers can download something that looks like Discord from a third-party site but will actually turn out to be malware.” 

Between 2021 and 2022, there were over three million phishing attacks on online gaming platforms, with most of these designed to steal gamers’ account credentials and financial data. 

New fans should be careful 

These scams target the new fans that the HBO series brings to the franchise, as long-time fans and players are likely up to date on the latest release information and cybersecurity practices.

The best way to stay ahead of such scams is to exercise caution and only download video games from official sources and trusted websites. If you come across any deals that seem too good to be true, do a quick Google search to check their legitimacy. Cybercriminals can also target gamers outside gaming platforms and forums, using malware disguised as legitimate software, so fans should be aware of this.

It is also recommended to activate two-factor authentication and use unique, secure passwords for all your online accounts. Also, keep your operating systems and apps updated.