Pokemon NFT card game malware chooses you
Pokemon fans are urged to be on their guard after bogus card game portals have been offering up malware under the guise of NFTs.
The sites in question offer up an enticing looking mix of card gaming with a splash of money making on the side. Digital card games are big business in gaming circles, and tying this kind of scam to such a well known brand as Pokemon is going to potentially catch more than a few people out. The Pokemon trading card game is the biggest of its kind of all time, so this is a huge hook for scammers. There’s also the real version of Pokemon TCG online.
Fake card games: not just a threat for children
At the risk of going all “BIFF! BAM! POW! Comics aren’t just for kids anymore” on you: this isn’t necessarily something aimed at young children. That’s despite the Pokemon stylings. Not many youngsters are going to be considering getting into NFTs, and the franchise has been around since the mid 90s. This means there will be people in their mid 40s who played some version of Pokemon as a teen. The malware authors have a fairly big demographic slice to choose from here as a result.
Are you in your 20s and curious about non-fungible tokens? An older gamer who’s thinking nostalgically about Pocket Monsters Red and Green? A teen who saw something about a Pokemon card game is now bugging their parents to sign up?
Unfortunately, this means you’re all potential targets.
Staking a non-existent NFT claim
The bogus sites claim to offer a wide variety of NFT services including a marketplace and NFT staking area. Unfortunately, clicking on the “Play on PC” button does nothing but download a fake game installer. When executed, it installs a NetSupport remote access tool designed to run at system boot.
The tool, which is a genuine program, is being misused here by the attackers in order to remotely connect to the victim and steal their data or perform other additional malicious tasks. As Bleeping Computer notes, the tool also allows for screen recording, system monitoring, and remote screen control. There’s also clipboard sharing and web history collection to account for.
A last swing and a miss for NFT scams?
This may be an odd scam to try at first glance, given how badly NFTs are doing across multiple spaces at the moment. Indeed, the NFT market has pretty much collapsed with no expectation of things improving anytime soon. Nevertheless, Pokemon has a huge audience and online card games tend to have a strong sense of Miss It, Miss Out (MIMO) about them. This is especially the case in competitive games where certain cards are rare, or the game provides a mechanism to buy random cards in packs and see what you end up with.
In this case, we have scammers selling potential victims on a card game where they can make money and buy into a rare loot drop mechanism as part of the gameplay. What this means in practice is that this heady mixture of risk / reward bolted onto nice looking digital cards will be irresistible for some.
All in all, this is definitely not something you want choosing you. Sorry, Pikachu.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.