cybersecurity

‘The Last of Us’ malware, phishing scams proliferate as show premieres – cybersecurity firm

Gelo Gonzales
‘The Last of Us’ malware, phishing scams proliferate as show premieres – cybersecurity firm

Shutterstock

Threat actors are capitalizing on the series' popularity, promising fake, malware-infected downloads of the game

MANILA, Philippines – Cybersecurity firm Kaspersky on Monday, January 16, warned about the spread of malware and online scams that take advantage of the high profile debut of HBO’s adaptation of the game The Last of Us, which premiered on January 15.

Malicious actors are offering downloads of the PC version of The Last of Us, which isn’t slated to come out until March 2023, and The Last of Us Part II, which has not been confirmed for the PC. Instead of the game, victims will unknowingly download a malicious file, which “can hide on the computer undetected for years – you will not know that something is wrong because it may not cause any visible harm, it will just silently do its job,” said Kaspersky.

“After watching The Last of Us, many viewers will definitely want to play this game and control the actions of their favorite characters themselves. But if they haven’t been fans of this game series before, they are unlikely to know that The Last of Us is exclusive to PlayStation,” Kaspersky said.

“Cybercriminals are actively exploiting the public’s lack of awareness.”

Before the PC version was announced, the series was previously an exclusive for the PlayStation platform, with the original version coming out in 2013 for the PS3.

Must Read

HBO’s ‘The Last of Us’ review: Dreading the fungus among us

HBO’s ‘The Last of Us’ review: Dreading the fungus among us
The Last of Us phishing scams, security recommendations

Another infection vector the researchers discovered was a phishing site offering an activation code for the game. The firm described the process: “To download the file with the code, users are asked to choose one of the “gifts” that they will receive together with the game: for example, to get a brand-new PlayStation 5 or $100 Roblox Gift Card. However, after that users are told to enter their credentials and bank card data to pay the commission fee. In fact, by giving their data to the scammers, fans will have money stolen and will be left with nothing, while their personal data will later be used in other fraud schemes.”

Below is a screenshot of one site offering a download of the game:

Kaspersky expert Olga Svistunova explained that scams relating to the series may continue to proliferate throughout the year, given its popularity:

The Last of Us will be a real boom in early 2023, considering how many years millions of fans have been waiting for the series. Curiously, now instead of offering pre-access to the series, cybercriminals have chosen a different path and are distributing malicious files under the guise of a game. This shows that gamers, especially the new ones who don’t yet know enough about cybersecurity when playing, are among the main target audience for cybercriminals, and they will come up with more and more ways to exploit them.”

To avoid being a victim, the firm recommended the avoidance of links promising early viewings of the show, checking the authenticity of a site that asks for credentials carefully, paying attention to the extensions of files being downloaded as a video file will never have a .exe or .msi file extension, and using trsuted security solutions. – Rappler.com

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

author

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.