The mobile version of Valorant is set to release in Summer 2020, anything before that should be considered malware.
In October 2019, Riot Games announced the launch of a new game named “Valorant“ for June 2020 to be available on Microsoft Windows. A 2-month beta version was also available for certain users which just came to end about a day ago. With this, the statistics reveal that it happened to be very well received with over 3 million players every day.
However, capitalizing on this opportunity, malicious actors have also kicked in their schemes, one which has been uncovered recently by researchers at Doctor Web.
See: Hackers spread password stealer malware from YouTube comment section
What these threat actors are doing is that they are advertising a mobile version of the gaming app which, in reality, is a trojan as no real app of the game exists. To help convince users, several videos are being propagated on YouTube which falsely showcases the gaming experience on a smartphone.
One such example can be seen below:
Fake tutorials such as these as shown above take users through a series of steps in order to install the game. For example, firstly they would require users to install the trojanized game’s APK file from an online third party store such as apkworld[.]live.
Once installed, the fake game asks users to complete two offers before they can proceed which also requires the additional installation of two apps. Once these are done, it claims that the game will start working.
Image: Dr. Web
In another instance, as was identified by Doctor Web, viewers may be asked to download the app from a lookalike website of the real game project as shown in the photos below.
See: Counter-Strike 1.6 game client 0-day exploited to spread Belonard trojan
Regardless, the users are still redirected to install other malicious apps or participate in activities that are designed to make the malicious actors earn money.
Elaborating upon these, the researchers stated in their blog post that,
Such websites represent typical services that help clients earn money through affiliate clicks, artificial increases in the number of website visitors, monetization through the software advertizing and pay-per-install schemes in order to increase software popularity and number of installations, as well as monetizing online surveys and other online marketing campaigns on the Internet.
The following screenshot is taken from a YouTube channel promoting the scam:
Image: Dr. Web
In order to legitimize their claims, the perpetrators have also utilized a couple of other tactics such as adding detailed descriptions.
Image Dr. Web
Further, various comments have been added with the help of other accounts which present the notion that yes, the tutorial does work! Someone wise though rightly stated that it may not be true if it’s too good to be.
Nonetheless, this is not the first time that such an incident has occurred. In the past, as per the researchers, the same Trojan in this case name Android.FakeApp.176 has also been used to imitate several other popular games including:
Fortnite
Call of Duty: Warzone,
Apex Legends on smartphones
Interested gamers should always verify from the official company websites if a mobile version exists in any game in the first place.
See: Popular Android Zombie game phish users to steal Gmail credentials
Concluding, if you’ve fallen into the trap of installing any such app, we would recommend immediately uninstalling it and using anti-virus software on your phone which may detect any such trojans and wipe out their traces.
Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.
