- NordVPN’s threat intelligence team identified hundreds of fake GTA 6 pre-order websites, repacks and Android apps deploying DLL-sideloading trojans and infostealer malware.
- The malware infrastructure powering the campaign overlaps with families that seize browser credentials and private keys used to access cryptocurrency wallets.
- Marijus Briedis, chief technology officer at NordVPN, said attackers are exploiting fan impatience.
NordVPN’s threat intelligence team recently disclosed a coordinated scam wave exploiting anticipation for Grand Theft Auto VI, with fake pre-order websites, malware-laced game repacks and counterfeit Android apps spreading credential stealers that researchers warn can also drain cryptocurrency wallets.
The campaign spans hundreds of phishing pages mimicking the Rockstar Social Club login, fake “GTA 6 Beta” Android apps that act as empty shells for full-screen ads and malware redirects, and pirated game repacks containing DLL-sideloading trojans disguised as NVIDIA driver components.
“When individuals are determined to get early access to something, their guard comes down. That’s the window attackers exploit,” said Marijus Briedis, chief technology officer at NordVPN.
Infostealer Payload Targets Wallets
The crypto-relevant threat sits within the malware infrastructure behind the campaign rather than any GTA-specific token scam. NordVPN traced one fake-app domain to a host with a documented history of distributing banking trojans, ransomware and information-stealing malware, families that, according to the report, “can seize credentials and private keys used to access cryptocurrency wallets.”
Furthermore, NordVPN identified hundreds of fake login pages targeting Rockstar Social Club accounts, frequently hosted on legitimate platforms such as GitHub and Vercel to bypass basic reputation filters.
The credentials harvested through these forms feed underground marketplaces that also broker stolen exchange and wallet logins, giving the same operators a path from a gaming lure into a self-custody compromise.
One malware sample identified on May 17 used a website that had been registered only 23 days earlier. Fake repacks of FitGirl, DODI and ElAmigos installers were among the carriers, mimicking trusted piracy brands to lower target skepticism.
Crypto Holders Caught In Cross-Lure
Briedis flagged that scammers are deliberately targeting platforms the game has not been confirmed for at launch. Rockstar Games has confirmed Grand Theft Auto VI only for PS5 and Xbox Series consoles at the November 19, 2026 launch, yet NordVPN observed campaigns aimed at PC and Android users.
For cryptocurrency holders, the operational takeaway is to treat any pre-launch GTA 6 installer, beta key or “exclusive” download as hostile, and to avoid signing into a Rockstar account from any link served outside the official Rockstar Games and Take-Two channels.
The same infostealer families implicated in the campaign routinely pull seed phrases from browser extension storage, clipboard contents and password managers, the exact attack surface most self-custody users rely on daily.
The post GTA 6 Hype Fuels Surge in Phishing Scams and Malware Campaigns appeared first on Crypto News Australia.
