Think twice before you click on a new online Pokemon card game that promises to give you non-fungible tokens (NFTs). However tempting the offer, the download could contain malicious software.
Currently, hackers are using a legitimate-looking Pokemon game to install the NetSupport remote access tool (RAT) and gain control of the victim’s device.
According to Neowin, the scheme was initially uncovered by analysts at ASEC. The threat actors are marketing the fake game as a new NFT card game that allows users to play with Pokemon cards and gain profits through their NFT investments.
Hackers Use the Popularity of Pokemon and NFT to Lure Victims
At the time of writing, the website “pokemon-go[.]io” is still online. The website claims to be home to a new Pokemon NFT card game. It allows users to play Pokemon cards with NFT investment profits.
Since both Pokemon and NFTs are quite popular, it is easy for operators of the malicious portal to lure an audience to the site. They have done so through mail spam, social media posts, etc.
According to BleepingComputer, users who click on the “Play on PC” button automatically download an executable that looks like a legitimate game installer. In reality, it installs the NetSupport RAT on the victim’s system.
Once the file is executed on the device, it creates a folder in the %APPDATA% path. It also creates hidden NetSupport RAT-related files, which is why the malware is difficult to remove.
Moreover, the installer creates an entry in the Startup folder, so the malware runs again after every boot.
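The two artifacts described above, NetSupport files under %APPDATA% and a Startup folder entry, can be checked for with a short script. This is an added example, not code from ASEC or the article; the file names client32.exe and client32.ini are those of the legitimate NetSupport Manager client and are an assumption here, since the article does not list the dropped files, and the byte search of Startup entries is a heuristic.

```python
import os
import stat
from pathlib import Path

# Known file names of the legitimate NetSupport Manager client and its config.
# Assumption: the article does not name the dropped files.
MARKERS = {"client32.exe", "client32.ini"}
STARTUP = Path("Microsoft", "Windows", "Start Menu", "Programs", "Startup")


def is_hidden(path):
    """True when the Windows hidden attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))


def mentions_client(path):
    """Heuristic: raw bytes of a Startup entry name client32 (ANSI or UTF-16LE)."""
    data = Path(path).read_bytes().lower()
    return b"client32" in data or "client32".encode("utf-16-le") in data


def scan_appdata(appdata):
    """Find NetSupport client folders and Startup entries under an %APPDATA% tree."""
    appdata = Path(appdata)
    startup = appdata / STARTUP
    report = {"client_dirs": [], "startup_hits": []}
    for root, _dirs, files in os.walk(appdata):
        if MARKERS <= {name.lower() for name in files}:
            hidden = sorted(f for f in files if is_hidden(Path(root, f)))
            report["client_dirs"].append({"path": root, "hidden": hidden})
    if startup.is_dir():
        for entry in sorted(startup.iterdir()):
            if entry.is_file() and mentions_client(entry):
                report["startup_hits"].append(entry.name)
    return report


def verdict(report):
    """Grade the finding: client in AppData alone, or with boot persistence."""
    if not report["client_dirs"]:
        return "clean"
    return "persistent" if report["startup_hits"] else "present"


if __name__ == "__main__":
    root = os.environ.get("APPDATA")
    if root:
        found = scan_appdata(root)
        print(verdict(found), found)
```

A "present" or "persistent" verdict on a machine where NetSupport Manager was never deployed by an administrator is worth investigating; where it is deployed legitimately, it normally lives outside the user's AppData tree.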
According to the analysts at ASEC, there was also a second site used in the malicious campaign. The other website was “beta-pokemoncards[.]io.” However, it has since been taken offline.
The activities of the websites started in December 2022, according to BleepingComputer.
Hackers Use NetSupport RAT for Their Malicious Activities
The NetSupport RAT is a legitimate program that is used to give system administrators remote access to users’ computers. Because of this, hackers usually use it hoping that it will evade security software.
Once the NetSupport RAT is installed in the user’s device, the hackers can remotely connect to a user’s device to steal data, or install other malware. They can even attempt to spread further on the network.
NetSupport Manager is commonly used by hackers as part of their malicious campaigns. For instance, Microsoft issued a warning in 2020 about phishing actors that were using COVID-19-themed Excel files that dropped NetSupport RAT onto the recipients’ computers.
Meanwhile, there was a campaign in August 2022 that targeted WordPress sites with fake Cloudflare DDoS protection pages that installed NetSupport RAT and Raccoon Stealer on the victims’ devices.
NetSupport Manager supports remote screen control as well as screen recording, system monitoring, and remote system grouping for better control. It also supports plenty of connectivity options, including network traffic encryption.
Given these functions, an infection could lead to severe consequences. To avoid falling victim to such scams, do not download or install software from websites you don’t trust.
Also refrain from opening an email attachment or link that you got from someone you don’t know. Moreover, always ensure that your devices and anti-malware software are updated.