Hackers introduced the fake Cthulhu World P2E crypto game

September 8, 2022
Hackers Fake Cthulhu World P2E Crypto Game

Threat actors have developed the fake Cthulhu World P2E (Play-to-Earn) game that infects unaware targets with numerous payloads. Based on reports, Cthulhu World’s deployed infection includes malicious payloads such as AsyncRAT, RedLine malware, and Raccoon Stealer.

According to researchers, the hackers have distributed its campaign through the social media platform Twitter to notify all victims with updates regarding the fake P2E game.

 

Cthulhu World P2E is a scam that reaches different websites.

 

The Cthulhu World P2E authors have also created websites, social media accounts, Discord groups, and a Medium developer site to make an impression that it is a legitimate game.

The attackers have piqued users’ curiosity by contacting them on their Twitter accounts. The threat actors invited these social media users to participate in trying the brand-new Play-to-Earn game.

To make things more attractive, the adversaries promised the first users to pay them with Ethereum if they tried the game.

Additionally, on the game’s website, the hackers will introduce new visitors to the information and the game’s project, along with the interactive maps and gameplay. However, the website will spoof the Alchemic World that has warned users against it.

The infection will start if a user clicks the arrow in the upper right corner of the website. Once they click the arrow, they will be redirected to a page that requests a code to download the project’s alpha test.

The hackers will then share these codes with potential targets through Twitter DMs. Subsequently, the codes will also be listed in the website’s source code. One of three files that contained different malware will be downloaded from the DropBox depending on the code entered.

These three files can potentially install the RedLine Stealer, Raccoon malware, or AsyncRAT.

Play-to-Earn online games have continued to blossom. Fake communities have taken many into deep confusion. Experts recommended that any user who visited the website of Cthulhu World and downloaded its software should run an AV scan on their devices to locate any malicious payload.

Lastly, users are advised to change all passwords for their accounts and create new wallets to safeguard their cryptocurrency.

About the author