Cybercriminals use fake Pokemon NFT card game to access gamers’ PCs

A recent security report has revealed that hackers have developed a fake Pokemon NFT card game that allows them to access the users’ PCs remotely through a remote access tool.

Fake NFT card game goes viral

Hackers have reportedly taken advantage of the famous Japanese media franchise, Pokemon, fans by launching a fake NFT card game. The phishing page was flagged by a South Korean cybersecurity company called Ahnlab and its emergency response unit ASEC. 

According to an ASEC report, the hackers tried to sell the cards as NFTs. Users had to install a remote access tool known as NetSupport Manager to access the cards. The software device gave the hackers on the other end access to the PCs that installed the software.

The malware used in the website is a tool that threat actors have commonly abused to exploit users’ computers. The tool is typically distributed through phishing and spam emails. In this regard, the ASEC team identified that the NetSupport tool was maliciously being spread from a peculiar website branded with Pokemon’s famous characters, including Pikachu.

The website was well-designed and branded to the extent of convincing NFT enthusiasts and Pokemon lovers to give in to the scam. Hackers use the remote access tools, such as TeamViewer and Anydesk, to get personal information from oblivious users, including credit card information and bank account details.

Pokemon strives to protect its brand

Pokemon is working hard to protect its brand. In December, the company initiated a legal battle against the Kotiota game developers of PokeWorld, for illegal trademark infringements. 

According to Pokemon, Kotiota Studios allegedly advertised the play-to-earn game using Pokemon characters like Pikachu. The company also added that it had not affiliated with the game developers in any way.