The Last of Us is one of the most anticipated new series of the year so far, thanks to the popularity of the PlayStation game on which it is based. It was released on HBO in the USA and M-Net in South Africa on Sunday 15 January, and began streaming on Showmax yesterday (16 January).
With hundreds of thousands of viewers likely to want their fix, cybercriminals began plotting new schemes before the series went live. Specifically, the fraudsters spread scams on the PlayStation game, which is extremely rare. To infect victims with malware, they were offering downloads of The Last of Us game for PC, despite this version not having been released yet.
After watching The Last of Us, goes tjhe logic of the hackers, many viewers will want to play this game and control the actions of characters themselves. But if they haven’t been fans of this game series before, they are unlikely to know that The Last of Us is exclusive to PlayStation. They may also not know that the first part of the game is only scheduled to be released for personal PCs in March 2023.
Kaspersky researchers found a site that offers downloads of The Last of Us Part II on PC. Users who don’t know that this version of the game is not available for computers yet will download a malicious file instead of the real game. This malicious file can hide on the computer undetected for years – users will not know that something is wrong because it may not cause any visible harm, it will just silently do its job.
Kaspersky experts also discovered a phishing site that offers an activation code for The Last of Us. To download the file with the code, users are asked to choose one of the “gifts” that they will receive together with the game, for example, to get a brand-new PlayStation 5 or $100 Roblox Gift Card. However, after that users are told to enter their credentials and bank card data to pay the commission fee. By giving their data to the scammers, fans will have money stolen and will be left with nothing, while their personal data will later be used in other fraud schemes.
“The Last of Us will be a real boom in early 2023, considering how many years millions of fans have been waiting for the series,” says Olga Svistunova, a security expert at Kaspersky. “Curiously, now instead of offering pre-access to the series, cybercriminals have chosen a different path and are distributing malicious files under the guise of a game.
“This shows that gamers, especially the new ones who don’t yet know enough about cybersecurity when playing, are among the main target audience for cybercriminals, and they will come up with more and more ways to exploit them. Be alert and check if your coveted game is available on the platform offered, download games only from official app stores and don’t forget to use a trusted security solution.”
To avoid falling victim to malicious programs and scams, Kaspersky recommends that users:
- Avoid links promising early viewings of films or TV series. If you have any doubts about the authenticity of the content, check with your entertainment provider.
- Check the authenticity of the website before entering personal data and only use official, trusted web pages to watch or download movies. Double-check URL formats and company name spellings.
- Pay attention to the extensions of files you are downloading. A video file will never have a .exe or .msi extension.
- Use a reliable security solution, such as Kaspersky Premium, that identifies malicious attachments and blocks phishing sites.