Video games exploited once again – threat actors post fake videos on YouTube promoting an alleged Valorant mobile app
Highly anticipated first-person shooter Valorant has been in the vicinity of bad actors recently, as the next Riot’s game is played by millions each day. The official release for the game is set to June 2, 2020, although many gamers were already playing it after acquiring Beta key passes via streaming platform Twitch. Those who weren’t lucky enough are still looking for ways to access the game, and scammers are here to help.
Upon initial release, fake Valorant beta key generators were infecting users with data-stealing malware such as njRAT.[1] Now, cybercriminals are advertising Valorant for mobile, a version that allegedly would allow users to launch the game on their Android and iOS devices. These links are injected into YouTube videos that have tens of thousands of views – the campaign was described by Dr.Web security research team, which also issued a warning to users:[2]
Doctor Web specialists have uncovered a fraudulent campaign targeting mobile device owners. Cybercriminals are publishing misleading videos on YouTube, promoting a mobile version of a new Valorant game and prompting unsuspecting users to install it on their mobile devices. But in reality, a trojan is being installed instead of the real game. This trojan helps malware creators get rewards from various online affiliate programs.
People are still searching for Valorant for mobile
In 2019, the gaming industry was worth $120 billion. 2.5 billion people regularly play games, game studios score big, mobile gaming sees immense success, and competitive e-sports are enjoyed by more than 450 million people worldwide.[3] Witch such immense popularity and much larger growth than Hollywood or the whole music industry, it is no surprise that malicious actors will attempt to abuse popular trends and exploit gamers for their own advantage.
Upon its Beta release on April 7, Valorant was only available on Windows OS and will continue to be so by the time it officially launches on June 2. However, just as with other popular shooters like Fortnite[4] or Apex Legends,[5] users are greatly interested in a mobile version of the game, and Riot has it planned for the future. In the meantime, gamers are being scammed by fake promises and YouTube videos of the allegedly free Valorant mobile game.
All users have to do is enter the search term, and they will be presented with a few YouTube videos that are presented as guides that would allow users to download the “adapted” version of the game. These videos are provided with lengthy descriptions to make them more believable, which are also accompanied by hundreds of fake comments, which claim that the installation of Valorant mobile was a success.
The scam scheme allows threat actors to scoop up the ad revenue
Valorant for mobile is a scam, although cleverly engineered nevertheless. Upon clicking the link in the YouTube video description, users are redirected to a website that reminds the official game site. In there, two links are presented, each of which would supposedly allow downloading the Android and iOS version of the game:
If a visitor tries to use the link from the iOS device, the website will redirect the request to the affiliate program web portal. If the request is performed from an Android device, the APK file with Android.FakeApp.176 will be downloaded instead.
Once the APK is launched on an Android device, users are presented with a legitimately-looking loading screen, which shows Riot’s logo. However, instead of launching the game, users are presented with a pop-up that asks users to download “two free apps” from an unknown source. Once users tap “OK,” they are led to the same website that iOS users are redirected right away.
Later, users can be asked to download apps from Google Play or complete surveys to earn rewards – this scheme is often used by malicious actors to earn revenue from ad clicks. Ultimately, games never get to play the desired Valorant game on their phones, but instead, end up with a trojan that redirects them to malicious sites filled with ads.
Security researchers recommend not to believe such fake claims and only rely on official release notes published by Riot on the official website.