ASEC: A Fake Pokemon Featured NFT Game Controls User Devices
A cybersecurity firm has exposed a phishing website offering a Pokemon-themed non-fungible token (NFT) card game. Apparently, criminals sent malware to players’ devices via these NFTs.
According to Japanese media, the phishing site, “pokemon-go[.]io,” is still online and has an NFT marketplace, including a link that redirects to buy tokens and provides an opportunity to stake NFTs.
Hacker’s Mind Games
The AhnLab Security Emergency Response Center (ASEC), an arm of the cybersecurity firm AhnLab, stated in a blog post on Jan. 6 that players indirectly downloaded a remote access tool that can control users’ devices.
NetSupport is a remote access tool that any user can install and use; it is a common business application for controlling other devices. It is mostly used by corporate IT engineers to support employees who are working from home.
The tool can be exploited by malicious organizations or individuals to steal data from individuals or even organizations. The application is transferred discreetly to a computer system.
The ASEC report stated, “The following phishing page is disguised as one for a Pokémon card game, and you can see the ‘Play on PC’ button below. When the user clicks this button to install the game, instead of the Pokémon card game, the NetSupport RAT will be downloaded.”
Pokemon games, animated series and NFTs are popular globally. It is not difficult for hackers to attract players to their phishing sites. Players visit this website through social media, malspam and many more sources.
ASEC reported that the fake Pokemon card scheme started in December 2022. The ASEC analysts examined several files and found that another phishing site had also existed and operated in the same way as the current site.
The analysts examined the relevant files using the ASD (AhnLab Smart Defense) infrastructure and the VirusTotal tool. According to local media, the other site, ‘beta pokemoncards[.]io’, has been taken offline.
These two websites are not the only websites in the ecosystem. There may be other websites based on other popular cartoons or animations, and users need to be careful before installing anything from them on their devices.
Technology is getting more advanced and the crypto industry is introducing new things. It is obvious that many bad actors have shifted from social media or other industries to the crypto industry with bad intentions.
Every responsible crypto user should take nothing casually. It is for their own safety; as the famous saying goes, “Precaution is better than cure.”