Hackers are using the Pokemon universe’s continued popularity and the bizarre rise of non-fungible tokens (NFT) to trick people into installing Remote Access Tools (RAT), taking over their devices and stealing any valuables they could find .
ASEC cybersecurity researchers recently discovered at least two malicious websites – beta Pokémon cards[.]io and Pokemon Go[.]io pretends to host a Pokemon game that also offers NFT cards that can be traded, eventually for a profit.
The websites have since been shut down, but while they were active they had a download button called ‘Play on PC’ which propagated NetSupport.
Distributing NetSupport
In theory, NetSupport is legitimate software. It is Windows-based and enables cross-platform remote access, allowing IT admins and technicians to remotely access various endpoints and troubleshoot potential issues. The program supports Windows, Windows Mobile, Mac, Linux and Solaris.
In practice, NetSupport is used by threat actors to gain unauthorized access to targeted systems. The first signs of activity in this campaign came in December last year. Earlier samples from VirusTotal, which the publication also found, showed the same operators pushing a fake Visual Studio file instead of the Pokemon game.
The identity of the threat actor behind the campaign remains unknown.
Non-fungible tokens are part of a broader cryptocurrency market and as such are a prime target for scammers and hackers. Recent research has shown that the Web3 industry (decentralized internet based on blockchain, the same technology that powers NFTs) lost nearly $4 billion to fraud and cybercrime in the past year.
As more organizations began building new systems, scammers quickly came out of the woodwork, and now Web3 bug bounty provider Immunefi has claimed that exactly $3,948,856,037 worth of cryptocurrencies broke through the Web3 ecosystem in 2022 Scams, hacks and scams have been lost. The silver lining, the researchers say, is the fact that overall losses have fallen by more than half (51.2%) year over year. In 2021, the industry had lost $8,088,338,239.
However, the constant fight against scammers is not slowing down the growth of the industry. Immunefi expects it to grow from $3.2 billion last year to $81.5 billion over the next seven years, a CAGR increase of 43.7%.
Above: Beeping computer (opens in new tab)
