Prepare for Trouble! Fake Pokémon NFT Game Wants Your Private Info
Luring in NFT enthusiasts to download a fake game that installs remote control software and takes over your computer.
Prepare for trouble! And make it double!
This week security researchers at ASEC (via Bleeping Computer) spotted two different Pokémon-themed websites that invite users to download “.exe” files for a fake digital version of the Pokémon Trading Card Game that serves only to seize control of the user’s computer and steal their private data.
The fake game – Pokémon Card Game – is different from the official Pokémon Trading Card Game, in that it’s not actually a game.
In reality, it’s malware disguised as a Pokémon-themed NFT game that only wants you to click a compromising link that will immediately install remote control software on the infected computers, allowing hackers to gain access to private user data and open the computer up to future malicious cybersecurity attacks.
The social engineering tactic even went so far as to create what many describe to be a “pretty convincing” fake website, along with a fake marketplace where you can “claim” and “mint” Pokémon Card NFTs – again, with no actual Pokémon NFTs.
The downloader file (which we won’t link to for obvious security reasons) invites users to click on the “Play on PC” button, immediately installing a hidden tool called “NetSupport Manager” into the computer’s hard drive, opening up a backdoor to the computer.
While it’s not crazy to think that the world of Pokémon could eventually enter into the world of Web3, there hasn’t been any official announcement by The Pokémon Company or its subsidiaries of its plans to enter the space.
However, Pokémon Go developer Niantic, told The Verge last May that we could expect to hear more about crypto-based gaming from them in the future.
Last month, The Pokémon Company took an Australian crypto company, Pokémon Pty Ltd (aka Kotiota Studios) to federal court over the unauthorized use of its characters from the Pokémon franchise in an NFT game.
You can read more about the lawsuit here.