A fake Pokemon NFT game seems to infect people’s computers with malware. Hackers are using a fake Pokemon NFT trading card site to conduct phishing attacks on unsuspecting victims. Read on to learn more about how to avoid falling for the trap!
How Can I Avoid NFT Scams?
To begin, make sure you read our guide to NFT security, produced in partnership with hardware-wallet brand Ledger. Then, make sure you are aware of current scams and hacks, like this one!
Hackers are using a Pokemon game that, once installed, deploys the NetSupport remote access tool (RAT). With this tool, the hackers gain control of the victim’s device. The group is currently disguising itself as a legitimate play-to-earn Pokemon NFT card game. The website “pokemon [dot] io” is currently still online.
According to a report by BleepingComputer, clicking the “Play on PC” button on the site automatically downloaded the installer. The installer ran without raising suspicion, making people believe that they had downloaded the actual game. In reality, the installer deployed the remote access tool on their system, which then allows the hackers to evade security software on the victims’ systems.
What Happens if You Install the Fake Pokemon NFT Game?
Once installed, the NetSupport tool allows hackers to remotely connect to a user’s device to steal data or install other malware. NetSupport Manager allows remote screen control, screen recording, system monitoring, and more. Moreover, this is not the hacker team’s only operation: according to ASEC, there was a second campaign using the website “beta-pokemoncards[.]io,” but this site has been taken down.
The stellar popularity of Pokemon makes this campaign easy to sell to innocent fans and collectors of the franchise. ASEC advises people to be wary of the threat group and to spread the word among the community to stop the spread of the malicious software. The NetSupport RAT is a legitimate program that gives system administrators remote access to devices. For this reason, hackers commonly use it to evade security software. You can read more about this specific attack in the official ASEC statement.