Reports said that a fake Pokémon nonfungible token (NFT) game seems to infect people’s computers with malware., as hackers are trying to use a duped Pokémon NFT trading card site to conduct phishing attacks on unsuspecting victims.
It has been reported that hackers are using a Pokémon game that, once installed, deploys the NetSupport remote access tool (RAT). With this tool, the hackers gain control of the victim’s device. The group is currently disguising themselves as a legitimate play-to-earn Pokémon NFT card game. The website “pokemon [dot] io” is currently still online.
However, according to a report by BleepingComputer, users who clicked on the “Play on PC” button on the site automatically had the installer downloaded. The installer ran without suspicion, making people believe that they had downloaded the actual game. But in reality, the installer deployed the remote access tool on their system, which then allows the hackers to evade security software on the victims systems.
The report said that once installed, the NetSupport tool allows hackers to remotely connect to a user’s device to steal data, or install other malware. The NetSupport manager allows remote screen control, screen recording, system monitoring, etc. This is uncovered to be an alternative operation by the hacker team.
According to ASEC, there was a second campaign using the website “beta-pokemoncards[.]io,” but this site has been taken down. The stellar popularity of Pokémon makes this marketing campaign easy to sell to innocent fans and collectors of the franchise. The ASEC advises people to be wary of the threat group and spread the word among the community to stop the spread of the malicious software attack.
Thus, the NetSupport RAT is a legitimate program that gives system administrators remote access to devices. Due to this reason, hackers commonly use it to evade security software measures. You may read more about this specific attack on the official ASEC statement.
Source: NFT Evening