News Report
May 16, 2022

Fake Pixelmon NFT site infected with password-stealing malware

Cybersecurity image featuring lock and globe with circuits superimposed over them
Image by Tumisu / Pixabay

According to a report from Bleeping Computer, an authentic-looking Pixelmon NFT website offering collectibles and tokens for free is a honeypot that downloads malicious password-stealing software to users’ computers.

Pixelmon is a Pokemon-inspired, blockchain-based RPG that lets players traffic in Pixelmon creatures as nonfungible tokens (NFTs). It’s surprisingly popular given its inauspicious beginning, which, as CNET noted, made it a “laughingstock” on social media after the game’s low-quality images were revealed.

Pixelmon has around 25,000 members and about 200,000 followers between its Discord and Twitter accounts. For the cybercriminals who set up the malware-infested site, that’s a pretty large pool of potential victims.

Bleeping Computer explains how scammers set up the fake:

To take advantage of this interest, threat actors have copied the legitimate pixelmon.club website and created a fake version at pixelmon[.]pw to distribute malware… This site is almost a replica of the legitimate site, but instead of offering a demo of the project’s game, the malicious site offers executables that install password-stealing malware on a device.”

Security researchers specializing in malware detection found several malicious payloads connected to the site, including the Vidar password-stealer. If this makes it onto your machine, it will start funneling loads of sensitive data back to the bad actors’ command and control servers. This makes NFT collectors especially vulnerable because it could lead to a compromised cryptocurrency wallet.

It’s worth echoing a warning from Bleeping Computer that NFT-related websites are delicious targets these days, so it’s a good idea always to make sure you’re visiting the site you were seeking. It’s an easy bet to say that this isn’t the only fake, and scammers will keep making them as long as they can make a buck or three off the unwary.

Read related posts:

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Managing editor, mpost.io. Former Deputy Digital Editor, Maxim magazine. Bylines in Observer, Inside Hook, Android Police, Motherboard. Author of official "Better Call Saul" tie-ins "Don't Go to Jail," and "Get off the Grid."

More articles
Steve Huff
Steve Huff

Managing editor, mpost.io. Former Deputy Digital Editor, Maxim magazine. Bylines in Observer, Inside Hook, Android Police, Motherboard. Author of official "Better Call Saul" tie-ins "Don't Go to Jail," and "Get off the Grid."

Hot Stories
Join Our Newsletter.
Latest News

Supply and Demand Zones

Cryptocurrency, like any other currency, is a financial instrument based on the fundamental economic principles of supply ...

Know More

Top 10 Crypto Wallets in 2024

With the current fast-growing crypto market, the significance of reliable and secure wallet solutions cannot be emphasized ...

Know More
Join Our Innovative Tech Community
Read More
Read more
Parcl Unveils Tokenomics Ahead of PRCL Launch, Allocates 75M Tokens to Point Holders
News Report Technology
Parcl Unveils Tokenomics Ahead of PRCL Launch, Allocates 75M Tokens to Point Holders
March 28, 2024
Circle to Introduce Native USDC On zkSync Network for Enhanced Liquidity
News Report Technology
Circle to Introduce Native USDC On zkSync Network for Enhanced Liquidity
March 28, 2024
GoPlus Report Unveils How Utilization of API Security Data by Blockchain May Communities May Aid in Addressing Web3 Threats
News Report Technology
GoPlus Report Unveils How Utilization of API Security Data by Blockchain May Communities May Aid in Addressing Web3 Threats
March 28, 2024
Binance Completes Stratis Token Swap and Redenomination, Initiates STRAX Trading and Borrowing Services
News Report Technology
Binance Completes Stratis Token Swap and Redenomination, Initiates STRAX Trading and Borrowing Services
March 28, 2024
What You
Need to Know

Subscribe To Our Newsletter.
Daily search marketing tidbits for savvy pros.