Cybercriminals are targeting Pokémon fans in a new campaign that uses a well-crafted NFT card game to gain remote access to their computers.
As reported by BleepingComputer (opens in new tab), two sites — pokemon-go[.]io and beta-pokemoncards [.]io – have been found distributing a new NFT card game built around the popular franchise. Fortunately, at the time of writing, both sites are no longer online but others distributing the game will likely pop up.
Pokémon and NFTs are popular with a wide audience and combining the two makes a lot of sense. However, the Pokémon Company isn’t involved at all with this new project and instead of letting you collect and trade your favorite pocket monsters, downloading the game actually allows cybercriminals to remotely take over your computer.
Pokémon fans that visit either site are prompted to click on a “Play on PC” button which downloads an executable file that appears to be a legitimate game installer. However, doing so actually installs the NetSupport remote access tool onto a user’s system.
First discovered by security researchers at ASEC who detailed their findings in a new report (opens in new tab), the campaign has been active since December of last year. Unlike with malicious apps and other tools used by cybercriminals to gain a foothold on users’ computers, NetSupport is a legitimate remote access program, often used for tech support.
As such, the executable used in this campaign is able to bypass security software. During its investigation, ASEC found that it was distributed via a phishing page and when installed on a user’s system, both its icon and version information are disguised to make it look like an actual Pokémon card game.
Once installed, the NetSupport remote access tool gives the cybercriminals behind this campaign full access to a victim’s computer and they can then steal data, install malware or try to spread to other devices on their network.
How to stay safe from hackers trying to access your computer remotely
Hackers and cybercriminals have been known to abuse remote access tools like NetSupport in order to drop malware, steal data and perform other malicious actions.
For instance, back in 2020, Microsoft warned that cybercriminals were using COVID-19-themed Excel files to install NetSupport on users’ computers. Likewise, in August of this year, a campaign targeting WordPress sites used fake Cloudflare DDoS protection pages to install NetSupport as well as the Raccoon Stealer malware.
In order to stay safe from these kinds of attacks, you need to be extra careful when downloading and installing new software onto your Windows PC. In this case, a quick web search would show you that the Pokémon Company isn’t working on NFT projects nor has it created an online card game using them. While most adults should be able to spot the signs that something like this is fake, the same can’t be said for kids which is why you should consider installing the best parental control software on their devices.
Although the best antivirus software might not stop you from downloading and installing the NetSupport remote access tool, it will keep you protected if hackers who have access to your system try to install malware or other malicious software on your PC.
The adage if something seems too good to be true, it probably is fits perfectly here. If the Pokémon Company was working on an NFT card game based around its highly successful franchise, you’d hear about it in the news first and the game would be found on the company’s official website.