Fake Pixelmon NFT site infected with password-stealing malware
To improve your local-language experience, sometimes we employ an auto-translation plugin. Please note auto-translation may not be accurate, so read original article for precise information.
According to a report from Bleeping Computer, an authentic-looking Pixelmon NFT website offering collectibles and tokens for free is a honeypot that downloads malicious password-stealing software to users’ computers.
Pixelmon is a Pokemon-inspired, blockchain-based RPG that lets players traffic in Pixelmon creatures as nonfungible tokens (NFTs). It’s surprisingly popular given its inauspicious beginning, which, as CNET noted, made it a “laughingstock” on social media after the game’s low-quality images were revealed.
Pixelmon has around 25,000 members and about 200,000 followers between its Discord and Twitter accounts. For the cybercriminals who set up the malware-infested site, that’s a pretty large pool of potential victims.
Bleeping Computer explains how scammers set up the fake:
“To take advantage of this interest, threat actors have copied the legitimate pixelmon.club website and created a fake version at pixelmon[.]pw to distribute malware… This site is almost a replica of the legitimate site, but instead of offering a demo of the project’s game, the malicious site offers executables that install password-stealing malware on a device.”
Security researchers specializing in malware detection found several malicious payloads connected to the site, including the Vidar password-stealer. If this makes it onto your machine, it will start funneling loads of sensitive data back to the bad actors’ command and control servers. This makes NFT collectors especially vulnerable because it could lead to a compromised cryptocurrency wallet.
It’s worth echoing a warning from Bleeping Computer that NFT-related websites are delicious targets these days, so it’s a good idea always to make sure you’re visiting the site you were seeking. It’s an easy bet to say that this isn’t the only fake, and scammers will keep making them as long as they can make a buck or three off the unwary.
Read related posts:
- Game Space startup onboards game developers into Web3
- Crypto giant pressures elderly Carl Sagan fan into selling wormhole.com for $50K
- Sony reveals vision of Metaverse as ‘social space and live network space’
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.