Cybercriminals use fake Pokemon NFT game to install remote access tool.



If you’ve just come across a new Pokemon card game online that promises to give you Non-Fungible Tokens (NFTs), think twice before clicking on it, as it may contain malicious software.

Threat actors are currently using a legitimate-looking Pokemon game to distribute the NetSupport Remote Access Tool (RAT) and gain control of victims’ systems. Originally discovered by ASEC analysts, the fake game markets itself as a new NFT card game where users can play with Pokemon cards and earn profits from their NFT investments.

When users click the “Play on PC” button on the fake game’s website, an executable file is downloaded to their device. While the file looks like a game installer, it actually contains the NetSupport RAT.

Once the file is executed, it creates a folder in the %APPDATA% path and places hidden NetSupport RAT-related files in it, making it difficult for users to remove the malware. The file also creates an entry in the startup folder so the malware runs after every boot.

While NetSupport RAT is a legitimate program used to give system administrators remote access to users’ computers, the configuration file in the malicious file contains the command and control server address of the threat actor. This means that when NetSupport is executed, it will establish a connection to the threat actor’s NetSupport server, allowing fraudsters to steal data and install more malware.
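Because the dropped configuration file names the server the client connects to, it can be checked during triage. The Python sketch below is an added example, not code from ASEC or the original article: it looks for NetSupport client configurations under a profile tree and reports gateways that are not on an approved list. It assumes the configuration file is named client32.ini and keeps its gateway under the [HTTP] keys GatewayAddress and SecondaryGateway; the allowlist, folder names and hosts are constructed.

```python
from pathlib import Path
import tempfile

# Assumption: gateways your own IT team operates; anything else is suspect.
APPROVED_GATEWAYS = {"support.corp.example"}
# Assumption: client32.ini stores gateway hosts under these [HTTP] keys.
GATEWAY_KEYS = ("gatewayaddress", "secondarygateway")


def gateways_in(ini_path):
    """Return the gateway hosts (port stripped) named in one client32.ini."""
    section, hosts = "", []
    for line in ini_path.read_text(errors="replace").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "http" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in GATEWAY_KEYS and value:
                hosts.append(value.rsplit(":", 1)[0].lower())
    return hosts


def find_unapproved(root):
    """Map each client32.ini under root to its gateways outside the allowlist."""
    findings = {}
    for ini in Path(root).rglob("*.ini"):
        if ini.name.lower() != "client32.ini":
            continue
        bad = [h for h in gateways_in(ini) if h not in APPROVED_GATEWAYS]
        if bad:
            findings[str(ini)] = bad
    return findings


def demo():
    """Scan a constructed %APPDATA%-like tree (all names are made up)."""
    samples = {"ExampleGame": "c2.attacker.example:443",
               "ITSupport": "support.corp.example:443"}
    with tempfile.TemporaryDirectory() as appdata:
        for folder, gateway in samples.items():
            (Path(appdata) / folder).mkdir()
            (Path(appdata) / folder / "client32.ini").write_text(
                f"[HTTP]\nGatewayAddress={gateway}\nSecondaryGateway=\n")
        found = find_unapproved(appdata)
    return {Path(p).parent.name: hosts for p, hosts in found.items()}


if __name__ == "__main__":
    for folder, hosts in demo().items():
        print(f"{folder}: unapproved gateway(s) {hosts}")
```

On a real host, pass the user's %APPDATA% directory to `find_unapproved` and treat any hit outside the approved list as a lead to investigate alongside the startup folder entry.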

Given how many legitimate NFT trading card games there are online (and the popularity of Pokémon itself), it’s highly understandable for people to fall prey to such an online threat. To protect yourself from such scams, never download or install software from websites you don’t fully trust. Avoid opening any email attachments or links you receive from someone you don’t know, and always make sure your devices and anti-malware software are up to date.

Source: ASEC

