Hackers use fake Pokemon NFT games to take over PCs
If you recently discovered a new Pokémon card game online that claims to give you Non-Fungible Tokens (NFTs), be cautious before clicking on it because it may include dangerous malware.
Hackers use phony NFT games to conceal malware
Hackers are taking advantage of the popular craze surrounding Pokemon NFT cards to launch cyber attacks on unsuspecting users.
The attackers are using a fake Pokemon NFT card game as a cover to gain unauthorized access to PCs and take control of them. This latest scam highlights the importance of being cautious about online activities and only downloading and using trusted apps and games.
The perpetrators gain control of the victim’s computer by installing the NetSupport remote access tool (RAT) through a legitimate-looking Pokemon game.
Neowin’s publication claims that experts at ASEC were the ones who initially discovered the scam. The hackers are promoting the fictitious game as a brand-new NFT card game that lets players use Pokemon cards while earning money from their NFT investments.
Taking advantage of Pokemon’s popularity
Their phishing website is still active at the moment. The website promises to be the home of a new Pokemon NFT card game. Users can play Pokemon cards using their NFT investment gains, similar to a recent copycat NFT game that the official Pokemon company sued.
Due to the popularity of both Pokemon and NFTs, it is simple for the administrators of the malicious website to entice users to join. Additionally, they have done so by sending spam emails and posting on social media.
Users who click the ‘Play on PC’ option, according to BleepingComputer, automatically download an application that appears to be a legitimate game installer. In reality, it installs the NetSupport RAT on the victim’s computer.
Once launched, the file creates a folder in the %APPDATA% directory. The infection is challenging to remove because it creates hidden files related to the NetSupport RAT. Additionally, the downloaded and installed file makes a new entry in the Startup folder on the user’s device. This allows the infection to keep running even after a reboot.
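The persistence described above (a folder under %APPDATA%, hidden files, and a Startup folder entry) can be checked for on a Windows host. The following read-only PowerShell triage script is an added example, not code from ASEC or BleepingComputer; it assumes the Startup entry is either a shortcut pointing into %APPDATA% or a file dropped directly in the Startup folder, and it uses no file names or indicators from the campaign.

```powershell
# Added triage example (not from the article). Read-only: it lists, never deletes.
# Assumption: persistence is a Startup folder entry that launches a program
# stored under %APPDATA%, next to files carrying the Hidden attribute.
$appData  = [Environment]::GetFolderPath('ApplicationData')
$startups = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell
$findings = foreach ($dir in $startups) {
    foreach ($item in Get-ChildItem -LiteralPath $dir -Force -File) {
        if ($item.Name -eq 'desktop.ini') { continue }   # normal shell metadata

        # Resolve .lnk shortcuts to their real target; other files run as-is.
        $isLnk  = $item.Extension -eq '.lnk'
        $target = if ($isLnk) { $shell.CreateShortcut($item.FullName).TargetPath }
                  else        { $item.FullName }

        # Skip shortcuts that do not launch something from inside %APPDATA%.
        if ($isLnk -and -not ($target -and
            $target.StartsWith($appData, [StringComparison]::OrdinalIgnoreCase))) { continue }

        # Count hidden files that sit beside the launched program.
        $folder = Split-Path -Path $target -Parent
        $hidden = @()
        if (Test-Path -LiteralPath $folder) {
            $hidden = @(Get-ChildItem -LiteralPath $folder -Force -Recurse -File `
                            -ErrorAction SilentlyContinue |
                Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                               $_.Name -ne 'desktop.ini' })
        }

        # A valid signature does not clear the entry: NetSupport is a legitimate,
        # signed tool, which is the reason attackers reuse it.
        $sig = if (Test-Path -LiteralPath $target) {
            (Get-AuthenticodeSignature -LiteralPath $target).Status
        } else { 'TargetMissing' }

        [pscustomobject]@{
            StartupEntry = $item.FullName
            Target       = $target
            Signature    = $sig
            HiddenFiles  = $hidden.Count
            EntryCreated = $item.CreationTime
        }
    }
}
$findings | Sort-Object HiddenFiles -Descending | Format-List
```

Entries with a non-zero HiddenFiles count and a creation time close to the download of an unexpected installer are the ones to review first.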
The ASEC experts assert that the hackers utilized a second website in the fraudulent effort. However, Google later took it down. BleepingComputer claims that the website’s operations began in December 2022.
Hackers have been using NetSupport RAT as a ‘Trojan Horse’
The NetSupport RAT is a legitimate tool that allows admins to access users’ machines remotely. As a result, hackers frequently employ it in the hopes that it will bypass security software.
Once the NetSupport RAT is set up on a user’s device, cybercriminals can access the device remotely to steal data or create more malware. They might even try to spread across the network.
Hackers frequently use NetSupport Manager as part of their nefarious operations. For instance, Microsoft warned users in 2020 about phishing scammers exploiting Excel files with COVID-19 themes to install the NetSupport RAT on their victims’ machines.
Avoid clicking links or opening attachments in emails you receive from unknown sources. Also, ensure your devices and anti-malware software are always up to date.