NordVPN, a prominent cybersecurity firm has issued a warning on malware and phishing attacks spreading globally impersonating Grand Theft Auto VI. The highly anticipated game is expected to launch in November 2026.
According to the NordVPN Threat Intelligence Team, attackers are exploiting the high anticipation and pre-launch hype surrounding the game by distributing fraudulent beta keys, fake installation files, Android adware apps, and phishing websites.
The initial release of GTA 6, however, is not expected to support PC or Mobile platforms. Attackers are spreading fake ‘GTA 6 Beta’ and ‘Early playable versions’ to lure users into downloading malicious software and redirecting them to fraudulent websites.
NordVPN has identified several fraudulent sites claiming to provide beta keys for Playstation 5 and Xbox platforms. Circulating fake beta keys is one of the major tactics adopted by attackers to lure the average user into downloading malicious softwares.
These fake sites are using fake bot-verification before redirecting them to paid subscriptions or unnecessary software installation.
Also read: Rockstar Breaks Silence with GTA 6 Discord Update, Sparks New Speculation
Trojan malware disguised as pirated game files is used to target Windows users. Fake websites impersonating popular repack distribution brands such as FItgirl, DODI, and Elagamios have been used to spread malicious softwares.
Once the malicious software enters the system, they run in the background without the knowledge of the user. Some variants impersonate NVIDIA graphics drivers communicating with external servers and downloading additional softwares.
Mobile users are also facing such similar attacks. Fake android apps named ‘GTA 6 Beta’ are being circulated to lure the users into downloading these malicious files. Once downloaded, it shows no actual gameplay, instead repeatedly displays advertisements attempting to trick the user into paid subscription or redirecting them to additional malware downloads.
These fake apps copied the official branding and intro videos from the Rockstar games. NordVPN reported that the malicious architecture behind these apps have been linked to infostealers, banking trojans, adware and ransomware campaigns. Researchers also identified several hundred phishing websites targeting Rockstar Games Social accounts.
Attackers are reportedly tricking users hosting fake login pages on legitimate platforms such as Github and Vercel to steal account credentials. While several other phishing pages are distributing adware, infostealers and trojan malware promising exclusive GTA 6 related contents.