Life is sometimes like Battlestar Galactica: all of this has happened before, and will happen again. Longtime PC gamers are already familiar with scams that disguise obnoxious adware as hot new game releases, and the latest batch of AAA game titles proves to be no exception to the rule.
If you try to download illicit torrents of the latest Assassin’s Creed, Witcher, or Walking Dead installments, you're probably just asking for your system to be spammed.
Symantec, the computer-security giant based in Mountain View, California, posted the information on its Security Response blog. There's nothing terribly shocking here, but it serves as a good reminder: Torrents for newly released games are often traps.
In particular, Symantec singled out six fake game "downloads" currently making the rounds: World of Warcraft: Legion, Assassin's Creed Syndicate, The Witcher 3: Wind Hunt, Tom Clancy's The Division, Just Cause 3 and The Walking Dead: Michonne.
If you know how torrents work, you can see how easy it would be to exploit someone who doesn't know. First, users visit disreputable torrent sites (or reputable ones; even the best torrent pages often operate under a download-at-your-own-risk policy). They see a small .TORRENT file, which is normal; the .TORRENT file, which is meant to trigger the torrent, is small, while the game itself is large. That's where everything falls apart.
The fake .TORRENT file then shows users an installation prompt. This should set off warning bells, as torrent files themselves should never install anything. If a user accepts the prompt, the fake .TORRENT file then downloads a small .EXE file (less than four megabytes), named, for example, "The_Witcher_3_Wild_Hunt_3." This will not fool any savvy gamers, but again, they're probably not the intended targets of the scam.
If run, the .EXE will not install a game, but rather, a downloader for whole host of what Symantec dubs "PUA" or "potentially unwanted software." Symantec does not cite specific examples, but it does list a number of sites (mostly in Russia) that can install scads of adware without a user's permission. There's no evidence that this system of fake game downloads has spread actual malware yet, but there's no reason why it couldn't.
If you've already downloaded the unwanted programs, a good antivirus sweep will clean them from your system with (probably) no harm done. If you want to avoid the scam entirely, though, the best course of action is to buy games through legal means. Those developers have kids to feed, after all.