Beware Grand Theft Auto Fans! Fake GTA VI Beta Download Spreads Malware

4 months ago 27
BOOK THIS SPACE FOR AD
ARTICLE AD

Grand Theft Auto VI fans beware of Fake GTA VI Beta download ads! Don’t get scammed by fake GTA VI beta versions advertised on social media. Learn how to spot these phishing attempts and protect yourself from malware.

Grand Theft Auto (GTA) is a household name in gaming, and Rockstar Games, the developer behind GTA, has announced the release of Grand Theft Auto VI in Autumn 2025 for PS5 and Xbox Series, which has got fans all excited.

However, this presents threat actors with the perfect opportunity to exploit fans, with Bitdefender researchers detecting suspicious Facebook ads and promoting fake beta versions for free download on PC. 

Social media users, particularly those following GTA content, might encounter sponsored ads promising early access to a non-existent GTA VI beta. These ads often showcase tempting features, early release dates, and even include convincing-looking gameplay footage (likely stolen from 2022’s Rockstar data breach and other sources)

According to Bitdefender‘s report, between July 16 and 18, researchers came across a Facebook page promoting free access to the GTA beta version for the first 100 people through sponsored ads. This page was running three different ads all using the same message and visuals, targeting people aged 18-65.

The malicious domain used in the ad was created on June 27, 2024, and was also hosting another Ethereum scam. Users in Europe, including France, Poland, Romania, Germany, Spain, Hungary, Italy, Greece, the Netherlands, and Sweden were the primary targets. 

Security researcher Andrei Mogage’s analysis revealed that the MSI file downloaded through the Facebook ad impersonated a legitimate GTA VI installer and mimicked the installation process. The file shared similarities with FakeBat loader malware that deployed malicious payloads and PowerShell scripts to download next-stage malware like info-stealers and RATs.

Clicking the ad leads to a website mimicking a legitimate download page. Here, a user might be prompted to download an ‘exclusive beta client’ or complete a survey to gain access. These downloads aren’t beta versions; they’re malware in disguise. It is worth noting that Rockstar Games has not announced a beta program for GTA VI.

The three malicious samples available for download from the ads were “broken” and could not execute payloads or exfiltrate data. As of July 19, none of these malicious ads remain active.

Facebook’s history of approving malicious ads

While the reported malicious ads may be removed, there could be hundreds of such malicious ads currently running on social media, especially Facebook, which is known for approving malicious ads.

In February 2024, Savvy Seahorse, a DNS threat actor, was found using Facebook ads to promote and lure unsuspecting victims into its investment scams. In November 2023, Facebook displayed AI-generated “provocative” ads that spread NodeStealer malware.

Back in April 2021, Facebook approved an advertisement that displayed and distributed a Facebook Messenger phishing link. In April 2021, Facebook also displayed an ad that mimicked the Clubhouse app but, in reality, was malware.

But that’s not all. The severity of malicious Facebook ads is highlighted by a December 2020 report, which revealed that hackers phished more than 615,000 login credentials using Facebook ads.

Nevertheless, you can easily spot fakes in the gaming industry as these often make unrealistic promises, and poor grammar, and create urgency to download games. To stay safe, ignore sponsored social media ads, and download games from official sources like the developer’s website or trusted retailers.

You May Also Like…

Hackers remotely interrupting GTA Online PC Gameplay Fake Ads Manager Software Target Facebook Accounts Fake ChatGPT and AI pages on Facebook are spreading infostealers Beware of Fake Facebook Profiles, Google Ads Pushing Sys01 Stealer Russian Hacker Exploits GTA 5 PC Mod to Install Cryptocurrency Miner
Read Entire Article