NFTs are not exactly popular with gamers. This is especially true when publishers push them onto gamers for no discernible reason. One example is Ubisoft’s Quartz being pushed onto Ghost Recon: Breakpoint. If you’re a gamer and you needed another reason to avoid NFTs, malware should be a good enough one.
BleepingComputer reports that there’s a fake Pixelmon NFT site out there that baits token enthusiasts with freebies. But once victims take the bait, their PC then gets infected with malware that steals passwords to their cryptocurrency wallets.
But first, some background information. Pixelmon is an NFT project which involves making a metaverse game centred around collecting, training and battling with the eponymous pixelated creature pets. It is not to be confused with a Minecraft mod with a similar name.
"Setup.zip" -> "Setup.lnk": 87211a5e4ca82a23b732305796446c53f3ba5cecbdf6ae46f687a164530529f2
Next stage: https://pixelmon[.]pw/system32.hta
— MalwareHunterTeam (@malwrhunterteam) May 12, 2022
Going back to the malware, the people behind it made a fake website that looks very similar to the real Pixelmon website. Likely making use of its apparent popularity, the fake site claims to offer a demo of the game. There’s even a macOS option that’s coming “soon” to add to the air of legitimacy.
Hitting the download button results in a file named Installer.zip, which was reportedly broken and wasn’t distributing malware. That being said, MalwareHunterTeam found other malicious files being distributed by the site, including one named setup.zip, which contains another file called setup.lnk. That shortcut runs the command to download Vidar, a password-stealing malware that scours browsers and apps, and searches for files that match specific names.
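A defender's triage of a downloaded archive for the delivery pattern described above (a ZIP that carries a .lnk shortcut), as an added example that is not code from BleepingComputer or MalwareHunterTeam. The function names, the size cap and the sample archive are constructed for illustration; the SHA-256 is the one quoted in the post above.

```python
import hashlib
import io
import zipfile

RISKY_EXTENSIONS = (".lnk", ".hta")  # the two file types named in the report
# SHA-256 quoted in the MalwareHunterTeam post for Setup.zip -> Setup.lnk.
REPORTED_SHA256 = {"87211a5e4ca82a23b732305796446c53f3ba5cecbdf6ae46f687a164530529f2"}
# Every Windows shortcut starts with HeaderSize 0x4C followed by the link CLSID.
LNK_HEADER = bytes.fromhex("4c0000000114020000000000c000000000000046")
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap: do not inflate oversized members


def triage_archive(zip_bytes):
    """Return (name, sha256, reasons) for each member that looks suspicious."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            if info.filename.lower().endswith(RISKY_EXTENSIONS):
                reasons.append("risky extension")
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, None, reasons + ["too large to inspect"]))
                continue
            content = archive.read(info)
            digest = hashlib.sha256(content).hexdigest()
            if content.startswith(LNK_HEADER):
                reasons.append("shell link header")  # catches renamed shortcuts
            if digest in REPORTED_SHA256:
                reasons.append("hash from report")
            if reasons:
                findings.append((info.filename, digest, reasons))
    return findings


def build_sample_zip():
    """Constructed, harmless archive: header bytes plus padding, no real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Setup.lnk", LNK_HEADER + b"\x00" * 56)
        archive.writestr("notes.txt", b"constructed benign file")
        archive.writestr("cover.jpg", LNK_HEADER + b"\x00" * 56)  # renamed shortcut
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_archive(build_sample_zip()))
```

The header check flags a shortcut even when its extension has been changed, which the filename check alone would miss.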
Since this malware uses an NFT project as its front, it’s likely that the malware is made to look for and steal passwords for cryptocurrency wallets. This is another reason to always be careful about clicking suspicious links or downloading suspicious files. While there haven’t been any reports of victims among Pixelmon aficionados yet, the same can’t be said about the Bored Ape Yacht Club.