A cybersecurity company has alerted the public to a phishing website that pretends to offer a Pokémon-themed NFT card game distributing malware.
Along with promising an NFT card game, the website also claims to provide an NFT marketplace and a platform for staking NFTs. However, instead of actually providing the game, the website downloads a remote access tool that grants hackers access to users’ devices.
The malware in question is called NetSupport RAT which is a remote access tool that allows hackers to take control of a device. When users clicked on a button to download the supposed Pokémon NFT game, they were actually downloading NetSupport RAT.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe – We publish new crypto explainer videos every week!
According to the report by ASEC (AhnLab Smart Defense), the malware is disguised as a game and is installed in a hidden folder in the device. It also creates a shortcut in the Startup folder, allowing it to run even after a device is restarted.
When NetSupport RAT is installed, it gives hackers access to various features on the infected device, such as screen capture, clipboard sharing, and file management. It can also execute commands.
The ASEC analysis team advised users to be cautious against these malware attacks:
“When installing externally sourced software, users are advised to purchase or download them from their official websites and refrain from opening attachments in suspicious emails.“
The ASEC analysis team also found other phishing pages with the same format as the fake Pokémon NFT game page, each distributing multiple copies of NetSupport RAT since December 2022.
In other news, malware disguises itself as popular programs such as Google Translate.
