ASEC: A Fake Pokemon Featured NFT Game is Controlling User Devices

A cyber security firm exposed a phishing website that offers a Pokemon-featured Non-Fungible-Tokens (NFT) card game. Apparently, the criminals were passing malware onto gamers’ devices via these NFTs. 

According to Japanese media, the phishing website “pokemon-go[.]io,” is still online and has an NFT marketplace, including a link that redirects to buy tokens and provides an opportunity to stake NFTs.

The hacker’s mind game 

AhnLab Security Emergency Response Center (ASEC), an arm of AhnLab and a cyber-security firm, stated in a blog on January 06th that gamers were indirectly downloading a remote access tool that can control users’ devices.

A remote access tool called’ Netsupport’ can be installed and used by any user; it’s a normal application to control other devices used in corporate companies. Mostly, IT engineers of any corporate company use this application to support their employees who are working from home. 

The tool could be exploited by malicious organizations or individuals to steal data from individuals or even organizations. The application is transferred to a computer system discreetly.

Source: ASEC Blog, January 06th

The ASEC report mentioned that “The following is the phishing page disguised as one for a Pokemon card game, and you can see the “Play on PC” button down below. When the user clicks this button to install the game, instead of the Pokemon card game, NetSupport RAT is downloaded.”

Pokemon games, animation series, and NFTs are popular globally. It’s not hard for hackers to attract gamers to their phishing websites. Gamers visit this website through social media, malspam and many more sources. 

ASEC reported that the fake pokemon card scheme was started in December 2022. The ASEC analysts examined several files and found that another phishing website also existed and operated the same way as the current website is operating.

The analysts examined the relevant files with the help of ASD (AhnLab Smart Defense) infrastructure and the VirusTotal tool. As per local media, the second website, ‘beta-pokemoncards[.]io’, has been taken offline.

These two websites are not only the websites that exist in the ecosystem. There could be other websites based on some other popular cartoons or animations that users must be wary of before installing on their devices.

Technology is getting more advanced, and the crypto industry is introducing new things. It’s obvious that many bad actors have shifted from social media or any other industry to the crypto industry with some bad intentions. 

Being a responsible crypto user, it is the responsibility of every user not to take anything casually. It’s for their own safety, as there was a very famous saying, “precaution is better than cure.”

Steve Anderrson
Latest posts by Steve Anderrson (see all)

Source: https://www.thecoinrepublic.com/2023/01/10/asec-a-fake-pokemon-featured-nft-game-is-controlling-user-devices/