Rockstar Games’ latest offering for the videogame industry, open-world crime simulator Grand Theft Auto V, came out several months ago for consoles to fanfare and anticipation. Unsurprisingly, people have been waiting for the PC version, despite Rockstar Games being very mum about its release date (or even its existence).
This uncertainty did not stop cybercriminals from taking advantage of the pre-release publicity. We recently found a spam campaign making the rounds; this one claims that the user has been invited to the GTA V PC beta test.
Figure 1. Spam message
The second half are links written in Slovak, leading to several sites, one of which is a phishing site. The biggest problem is the attached .ZIP file, which when opened reveals an application named Your promo code in app rockstargames.com. The extension may actually make people believe that it is a link to the Rockstar; in fact it is a backdoor detected as BKDR_ANDROM.ATG.
Figure 2. Contents of malicious attachment
Even though the existence of a PC version of GTA V is an unproven rumor, cybercriminals still managed to make convincing bait out of it.
We recently covered a similar incident using the non-existent desktop version of the messaging app WhatsApp. Like GTA V, the desktop version of WhatsApp has yet to even be announced, and yet it managed to garner its own share of victims.
As always, we remind users to always be vigilant and alert when it comes to spammed mails such as these. Make sure to check valid and reputable news organizations/websites first before clicking on anything that seems too good to be true. If possible, seek verification from first-party sources (in this case, Rockstar Games). It saves everyone a lot of wasted time, effort and hassle.
Additional analysis by Christopher So and Mark Manahan.