Have you ever seen a scam so obvious that only a kid could fall for it? As reported by Malwarebytes, scammers on TikTok are offering “free” download codes for popular games as part of a malvertising scheme—kids are encouraged to visit a website for free games, and malware is automatically downloaded to their computer through ads.
This scam is surprisingly widespread. Searching “free Steam keys” on TikTok brings up dozens of accounts, all claiming to offer free access codes to games on the Steam marketplace. Many of these scam accounts focus on Fall Guys, a $25 game that’s popular with livestreamers (and by extension, young gamers who don’t have $25 lying around).
Our friends on the Malwarebytes team identified one such account, called fallkeys06, that encourages TikTok users to visit “fallkeys.com.” Despite the whole “Steam keys” thing, this website offers direct downloads of Fall Guys for Android, iOS, and PC. And to sweeten the pot, these Fall Guys downloads are “hacked” with cheat codes and other perks.
Victims who try to download Fall Guys from “fallkeys.com” are asked to open a CAPTCHA and prove that they’re not an automated bot. But this CAPTCHA links to a known malvertising website. In other words, the linked site delivers malicious payloads through advertisements, often without a victim’s knowledge.
Thankfully, “fallkeys.com” is no longer online. It appears that the site’s domain provider shut the operation down. But there are still a truckload of TikTok accounts directing users to “fallkeys.com,” all with names like fallkeys04, fallkeys02, and even fallkeys46! Clearly, TikTok isn’t taking steps to mitigate this problem.
If you want to protect yourself from similar scams, you should probably ask your kids if they’ve seen people giving away “free” games on TikTok and warn them that such accounts are trying to spread viruses. Children can’t keep these scams from happening, but you can still educate them on internet safety.