GTA VI malware and scams: How scammers exploit the upcoming blockbuster’s hype

Why are GTA VI malware and scams on the rise?

It’s been almost 13 years since Rockstar Games launched GTA V — the fastest entertainment property to gross $1 billion to this day. While the studio has been secretive about the development of the next installment of GTA (publicly announcing GTA VI development only in 2023), the fans have spent the last 10 years religiously waiting for any news. Now, with the game’s scheduled release on November 19, 2026, the long wait is transforming into a cult-like hype. A hype that’s easy to exploit, providing opportunities for scammers and malicious actors to capitalize on. 

The momentum picked up even more after rumors began circulating about pre-orders potentially opening between May 18 and 21, 2026, along with leaks pointing to six different editions of the game — Standard, Deluxe, and a special Collector’s Edition among them. As of June 2026, Rockstar hasn’t officially opened pre-orders yet, but that hasn’t stopped threat actors from racing ahead of the announcement. The title will initially launch on PlayStation 5 and Xbox Series X/S, with the PC version expected later — and that gap is exactly what scammers are weaponizing.

What are the GTA VI malware and scams that users should watch out for?

NordVPN’s Threat Intelligence team identified four distinct types of campaigns currently making the rounds. The common thread? They all target PC and Android users (the platforms left out of the initial console-only launch) by dangling the one thing those users won’t get anytime soon: GTA VI.

Fake GTA VI beta keys and subscription traps

Fake GTA VI beta keys and subscription traps are currently one of the most widespread GTA VI scams. It’s a typical example of social engineering tactics with promises of exclusive beta keys for PS5 and Xbox Series consoles. To make it more legitimate, scammers ask their targets to fill out a short form or go through a fake “Are you a bot?” verification step, eventually leading to paid subscription services or downloads of potentially unwanted applications (PUAs).

As tempting as these offers might sound, users should remember that Rockstar has not announced any public beta for GTA VI and is unlikely to do so in the future. Scammers play on curiosity and fear of missing out (FOMO), so avoid any GTA VI-related offers, links, and messages that awaken such emotions. Using link checkers to test suspicious links can also help avoid getting scammed.

Trojanized repacks targeting Windows users

The trojanized GTA VI repacks are far more technically sophisticated than just regular social engineering scams. With these scams, threat actors build clones of well-known piracy and repack sites to distribute Windows malware disguised as game files.

One sample analyzed on May 17, 2026, shows just how convincing these fakes can be. At first glance, the package looks like a legitimate game installer. However, the moment a user runs “Setup.exe”, the legitimate Ren’Py game launcher is abused via dynamic link library (DLL) sideloading, meaning that when the launcher loads what it expects to be an NVIDIA rendering library, the malicious “nvdrs.dll” planted alongside it is loaded instead. 

From there, the malware can modify the device’s memory, download additional malware, and connect to external servers to receive further instructions. In this particular instance, the download was traced to a domain registered just 23 days before the attack was detected. That suggests the infrastructure was built specifically for short-lived malicious campaigns, which is a popular tactic in these types of cyberattacks.

To avoid trojanized repacks, Windows users should strongly reconsider visiting piracy and repack sites, since they’re often the breeding ground for these kinds of scams. Additionally, users should not interact with anyone who promises GTA VI beta keys. Since Rockstar is only doing internal testing for this game, any invitation for GTA VI beta testing is an automatic red flag for a scam or malware attack.

Android adware masquerading as a “GTA 6 Beta”

You may have noticed the pattern here. Like the previous scams, this one, aimed at Android users, targets gamers with a fake app creatively named “GTA 6 Beta.” In reality, though, it’s an empty shell built on the Unity engine with no game code or gameplay. The fake app also comes with an authentic-looking Rockstar Games branding and a short intro video to sell the illusion.

The trouble happens when users tap the “Download OBB” button on the fake loading screen. That action forcibly opens Chrome in the foreground and starts a redirect chain that ultimately lands on “fizzyacerbitymellow.com.” The domain has a documented history of distributing infostealers, banking trojans, adware, and ransomware on both Android and Windows devices.

Under the hood, the app is heavily engineered: It uses IL2CPP obfuscation, emulator detection, and even abuses DNS-over-HTTPS (routing through “dns.google” at 8.8.4.4) to hide its traffic and conceal the intermediate redirection domains. While it does that, it silently pushes full-screen ads and funnels victims toward fake “human verification” steps that push paid subscriptions or additional malware downloads. It’s advertising fraud and CPA (cost-per-action) scams rolled into one package.

Naturally, it’s simple to avoid these scams if you remember one specific thing. Yes, we might sound like a broken record, but it’s just a fact — any post, app, or link inviting you to GTA VI beta testing is almost certainly a scam.

Amateur phishing targeting Rockstar Social Club accounts

The amateur phishing scams that target Rockstar Social Club accounts are a less polished but no less dangerous type of GTA VI scam. Our research team has tracked hundreds of amateur phishing pages aimed at stealing account credentials through fake login forms. Many of them are hosted on legitimate platforms like GitHub and Vercel, since piggybacking on trusted infrastructure helps these pages slip past basic security filters at zero cost to the attacker.

Compromised accounts have a few possible fates: They get resold on dark web marketplaces, or they get used for fraud inside the game ecosystem. And many of these phishing pages double as malware distribution points, using fake download buttons and promises of exclusive GTA VI content to push adware, infostealers, and trojans onto victims’ devices.

Since these scams are less likely to exploit the premise of GTA VI beta testing, it can be a bit more difficult to spot them. However, users should be careful of invitations to claim “exclusive GTA VI content” or lucrative preorder deals, especially if they sound too good to be true and come with suspicious links. Verifying the link before clicking on it takes less than 30 seconds, and it can save you a lot of trouble, so make sure to do that before engaging with suspicious offers.

How can users safeguard themselves from GTA VI malware and scams?

Protecting yourself from this wave of GTA VI–themed threats doesn’t require any specialist knowledge. All you need is just a bit of skepticism regarding any GTA VI–related offers and a few solid habits. NordVPN’s Threat Intelligence team offers a few tips every GTA VI fan should follow until the game actually drops:

• Avoid third-party download sites for any game content. Legitimate game files are distributed exclusively through official storefronts like the PlayStation Store, Xbox Marketplace, or Rockstar’s own platform. Any unofficial site — no matter how slick it looks — should be treated as a red flag.
• Treat beta key offers with skepticism. Legitimate betas for major titles are announced through official channels only. If a site asks you to verify your identity, subscribe to a service, or download an app to “claim” your access, it’s a scam. Period.
• Check URLs carefully before logging in. Always inspect the URL before typing in your credentials. Official game platforms and storefronts will never ask you to sign in through a third-party site. If the domain looks even slightly off, close the tab.
• Use link checkers. URL checkers are a quick and simple way to make sure you’re not being led to a malicious site. When in doubt, it’s the best way to make sure you’re not dealing with malicious links.
• Use a VPN. VPN itself isn’t going to protect you from GTA VI scams, but it can be useful to your overall online security, especially if you choose a service like NordVPN. One of the best options online, NordVPN is a VPN with a next-gen antivirus, capable of blocking malicious links, malware downloads, and even web trackers. It’s a simple but quite robust way to significantly increase your online safety while gaming, streaming, or browsing.