Doctor Web specialists discovered YouTube videos that announce a mobile version of the game Valorant and offer potential victims the chance to install it. Under the guise of this game, a trojan reaches Android devices, and hackers use it to earn money by participating in affiliate programs.
Those who follow gaming news know that Valorant is still under development and is available only as part of a beta test, and only for computers running Windows. However, the fraudulent videos are edited so that the gameplay shown on a mobile device's screen looks believable.
For greater credibility, such videos are accompanied by a detailed description, as well as a lot of comments from users who allegedly successfully installed the game on their mobile devices. All of these reviews are, of course, fake.
To download the game, users are invited to visit a site that looks similar to the official website of the Valorant project. The site offers two links through which the game can allegedly be downloaded to a mobile device.
If a site visitor tries to download the game for an iOS device, they are redirected to an affiliate program site. If the download attempt comes from an Android device, an APK file containing the Android.FakeApp.176 trojan is downloaded to it. Since this file does not come from the official Google Play catalog, on most modern devices the user has to change the corresponding security settings to install it.
The malicious application mimics the game’s launch process, but then offers to “unlock” it by identifying the device. To do this, the user is required to download and install two other applications.
If the user consents to the “unlock”, the trojan opens in the browser the site of the same affiliate service used in the iOS case. After checking a number of parameters, this site redirects the user to the site of another affiliate program, which presents the tasks the visitor must complete in order to receive a reward. In the case examined by the experts, the user is required to install and run a game from the Google Play catalog, as well as take part in an online survey.
In fact, such sites are typical services for making money on clicks, inflating hit counts, advertising various software and inflating its installation counts, as well as monetizing online surveys and other marketing campaigns on the Internet.
Some of these services do give users the promised rewards, for example topping up an in-game balance or granting certain in-game bonuses when a particular task is completed.
However, in the case of the Android.FakeApp.176 trojan, users do not receive the game they were promised. The mobile version of Valorant simply does not exist, and the fake's only task is to load the partner service website, as a result of which the fraudsters receive a reward from the victim.
Specialists have encountered this type of illegal earnings, using malware passed off as real games, before. For example, the same version of Android.FakeApp.176 was distributed under the guise of a mobile version of the recently released game Call of Duty: Warzone, which is also available only on game consoles and Windows computers.
In addition, back in 2018, attackers distributed one of the modifications of this trojan under the guise of Fortnite, and in 2019 under the guise of Apex Legends. Both games quickly gained wide popularity among a variety of players, which hackers rushed to take advantage of.
Another new product, announced less than two months ago, has already gained millions of fans, which could not fail to attract the attention of scammers once again.
Doctor Web reminds users that they should critically evaluate information distributed on the Internet, and should not follow suspicious links or install suspicious applications from unverified sources.