A recent revelation by a developer has shed light on a sophisticated game download scam highlighting the new tactics of fraudsters targeting web3 games.
The scam began with a direct message from a now-deactivated X account, @ameliachicel, proposing a job opportunity. The job involved a Solidity position for a web3 game named MythIsland, with details hosted on a seemingly legitimate website, mythisland[.]io.
The website, with impressive graphics and functioning links, displayed a detailed presentation of the game, including its in-game economy and NFT aspects. The team members appeared to be doxxed, lending an air of credibility to the project.
The tweet was shared by 0xMario, a freelance developer who fell victim to the scam, and his post has gone viral, as several other users have come forward reporting similar scams.
The conversation shifted to Telegram, where detailed discussions about the game and job ensued, including introductions to other ‘team members.’ The scam unfolded further when the developer was asked to download a game launcher to experience an alpha version of MythIsland.
Exercising caution, the developer opted to run the launcher on a virtual Windows machine. The launcher appeared legitimate, with professional graphics and standard user interface elements. However, an error message requesting an update to the .NET Framework surfaced upon attempting to register.
Reporting this issue to the group posing as a team resulted in a suggestion to try another Windows machine. Following this advice, the developer encountered the same error on an old ThinkPad, leading to the scammers erasing all chats and blocking the developer, presumably upon realizing the unlikelihood of compromising the machines used.
The developer wisely treated the old laptop as fully compromised, planning to wipe it clean. Notably, the scammers had meticulously crafted social media profiles on Telegram and Instagram, with one claiming to be a former developer at Cosmos Network.
The incident underscores the warnings from blockchain security firms, which advise extreme caution when downloading files, particularly executables and scripts. The recommended practice is to use a virtual machine or an expendable computer for such downloads or to prefer secure methods like Google Docs for document transfers.
Source: https://crypto.news/developers-are-cautioning-against-a-deceptive-game-download-scam/