Hackers leverage fake Pokémon NFT card games to hijack devices

January 12, 2023

Hackers are pushing an authentic-looking Pokémon NFT card games website to spread the NetSupport remote access tool and hijack Windows devices.

The website used by the threat actors is called pokemon-go[.]io and claims that it offers a new NFT card game based on the Pokémon franchise.

Researchers explained that the combined popularity of NFTs and Pokémon makes an ideal lure for baiting targets in malicious campaigns.

 

The fake Pokémon NFT card games lure starts by prompting victims to download it.

 

Based on reports, potential targets who click the “Play on PC” button to download the fake Pokémon NFT card game will unintentionally install the NetSupport RAT on their system.

In addition, the operator of this campaign has a previous website called beta-pokemoncards[.]io, which also deploys the same malicious tool.

The campaign started to emerge last month, but some researchers said it had also pushed the NetSupport RAT through a fake Visual Studio file. That previous campaign followed the same method to deploy the remote access trojan.

The NetSupport RAT executable and its dependencies are installed on the device in a new folder in the app data path. The threat actors also set the file as hidden, so it does not show up when the victim inspects the system with default settings.

Furthermore, the installer creates an entry in the Windows Startup folder to ensure the remote access trojan still runs after a system reboot.
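The two behaviours described above (a hidden install location under the app data path and a Startup folder entry) can be checked together during triage. The following PowerShell is an added example, not code from the researchers or from this article; the helper name `Test-Hidden` is hypothetical and the `*\AppData\*` match assumes a standard Windows profile layout.

```powershell
# Added triage example (not from the article). Read-only: it changes nothing.
# Flags Startup-folder entries whose target sits under an AppData path and
# carries the Hidden attribute on the file itself or on its parent folder.

$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$shell = New-Object -ComObject WScript.Shell

function Test-Hidden {   # hypothetical helper name
    param([string]$Path)
    # -Force is required, otherwise hidden items are not returned at all
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    return ($item -and (($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0))
}

$findings = foreach ($dir in $startupDirs) {
    # desktop.ini is a normal hidden file in every Startup folder, so skip it
    $entries = Get-ChildItem -LiteralPath $dir -File -Force |
        Where-Object { $_.Name -ne 'desktop.ini' }
    foreach ($entry in $entries) {
        # Resolve shortcuts to the program they launch; other files run as-is
        $target = $entry.FullName
        if ($entry.Extension -ieq '.lnk') {
            $target = $shell.CreateShortcut($entry.FullName).TargetPath
        }
        if (-not $target) { continue }

        $parent    = Split-Path -Path $target -Parent
        $inAppData = $target -like '*\AppData\*'   # assumption: standard profile layout
        $hidden    = (Test-Hidden $target) -or ($parent -and (Test-Hidden $parent))

        [pscustomobject]@{
            StartupEntry = $entry.FullName
            Target       = $target
            InAppData    = $inAppData
            Hidden       = $hidden
            Suspicious   = ($inAppData -and $hidden)
        }
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

A row marked `Suspicious` is a lead for review, since legitimate software also starts from AppData; check the target's signature and origin before acting on it.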

Threat actors usually use the NetSupport RAT to bypass security software since it is a legitimate program. Hence, the actors can connect remotely to a user’s device to steal data, install additional payloads, or try to get onto another network.

As of now, threat actors have been attracted to NetSupport Manager because it is legitimate software that provides them with numerous functionalities.

NetSupport Manager supports screen recording, connectivity options, network traffic encryption, system monitoring, and screen control. Therefore, a successful attack by a threat actor using NetSupport could cause severe damage to its victims and possibly lead to the download of more malware strains.

Experts always emphasize that users should verify the legitimacy of anything they download onto their system to avoid being compromised by such attacks.
