Have you ever seen a scam truthful evident that lone a kid could autumn for it? As reported by Malwarebytes, scammers connected TikTok are offering “free” download codes for fashionable games arsenic portion of a malvertising scheme—kids are encouraged to sojourn a website for escaped games, and malware is automatically downloaded to their machine done ads.
This scam is amazingly widespread. Searching “free Steam keys” connected TikTok brings up dozens of accounts, each claiming to connection escaped entree codes to games connected the Steam marketplace. Many of these scam accounts absorption connected Fall Guys, a $25 crippled that’s fashionable with livestreamers (and by extension, young gamers that don’t person $25 laying around).
Our friends connected the Malwarebytes squad identified 1 specified account, called fallkeys06, that encourages TikTok users to sojourn “fallkeys.com.” Despite the full “Steam keys” thing, this website offers nonstop downloads of Fall Guys for Android, iOS, and PC. And to sweeten the pot, these Fall Guys downloads are “hacked” with cheat codes and different perks.
Victims who effort to Fall Guys from “fallkeys.com” are asked to unfastened a CAPTCHA and beryllium that they’re not an automated bot. But this CAPTCHA links to a known malvertising website. In different words, it delivers malicious payloads done advertisements, often without a victim’s knowledge.
Thankfully, “fallkeys.com” is nary longer online. It appears that the site’s domain supplier unopen the cognition down. But determination are inactive a truckload of TikTok accounts directing users to “fallkeys.com,” each with names similar fallkeys04, fallkeys02, and adjacent fallkeys46! Clearly, TikTok isn’t taking steps to mitigate this problem.
If you privation to support yourself from akin scams, you should astir apt inquire your kids if they’ve seen radical giving distant “free” games connected TikTok and pass that specified accounts are trying to dispersed viruses. Children can’t support these scams from happening, but you tin inactive amended them connected net safety.