This site claims to offer Pixelmon NFTs, but only offers malware

Scammers are taking advantage of the hype around Pixelmon to distribute password-stealing malware, researchers say.

Researchers from MalwareHunterTeam have found a fake Pixelmon site that claims to offer a playable demo of the game but instead distributes the Vidar information-stealing malware.

Pixelmon is a non-fungible token (NFT) project: a blockchain-based metaverse game in which players collect and train pixelated pets and send them into battle against other players.

Target NFT enthusiasts

These types of projects are extremely popular these days, as the price of collectibles in the metaverse can run into the millions. Some join to try to make a quick buck, others because they want to be part of an emerging and potentially disruptive technology.

Whatever the reason, they are all potential targets. This particular project has a large following on Twitter and Discord, making it one of the most anticipated projects in the metaverse.

The legitimate website is pixelmon.club, but MalwareHunterTeam found an apparently identical site at pixelmon[.]pw (address defanged). Instead of offering the demo version of the game, the lookalike site serves an archive called Installer.zip, which contains an executable file.
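The site described above is a lookalike domain: same brand label, different top-level domain. The following is an added example, not code from the original article or from MalwareHunterTeam, showing how a practitioner can triage a candidate domain against a brand's official domain. It goes a little beyond the article's case and also flags homoglyph substitutions, one-character typos and brand names embedded in another domain. The confusables table and the multi-part suffix list are small constructed stand-ins for the Unicode confusables data and the Public Suffix List.

```python
"""Classify a candidate domain against a brand's legitimate domain (added example)."""
import re

# Constructed stand-in for the Public Suffix List: suffixes made of two labels.
MULTI_PART_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Constructed confusable map: sequences that visually imitate another letter.
# Multi-character sequences come first so they collapse before single ones.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"), ("i", "l"))


def normalize(domain: str) -> str:
    """Lower-case, undo defanging, strip scheme/path/port and www., decode punycode."""
    d = domain.strip().lower().replace("[.]", ".").replace("(.)", ".")
    d = re.sub(r"^[a-z]+://", "", d)            # also removes hxxp:// style schemes
    d = d.split("/")[0].split(":")[0].rstrip(".")
    if d.startswith("www."):
        d = d[4:]
    try:
        d = d.encode("ascii").decode("idna")    # xn-- labels become Unicode
    except UnicodeError:
        pass                                    # already Unicode or not valid IDNA
    return d


def registrable(host: str) -> tuple:
    """Return (label, suffix) of the registrable part, e.g. ('pixelmon', 'club')."""
    parts = host.split(".")
    if len(parts) < 2:
        return host, ""
    if len(parts) >= 3 and ".".join(parts[-2:]) in MULTI_PART_SUFFIXES:
        return parts[-3], ".".join(parts[-2:])
    return parts[-2], parts[-1]


def skeleton(label: str) -> str:
    """Collapse visually confusable sequences so look-alike labels compare equal."""
    for src, dst in CONFUSABLES:
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, enough to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, legit: str) -> str:
    """Return 'legit', 'unrelated' or a 'lookalike:<reason>' verdict."""
    host = normalize(candidate)
    c_label, c_suffix = registrable(host)
    l_label, l_suffix = registrable(normalize(legit))
    if (c_label, c_suffix) == (l_label, l_suffix):
        return "legit"                          # exact domain or a subdomain of it
    if c_label == l_label:
        return "lookalike:tld-swap"             # the pixelmon[.]pw case
    if skeleton(c_label) == skeleton(l_label):
        return "lookalike:homoglyph"
    if levenshtein(c_label, l_label) <= 1:
        return "lookalike:typo"
    if l_label in host:
        return "lookalike:brand-embedded"       # e.g. brand as a subdomain elsewhere
    return "unrelated"


if __name__ == "__main__":
    for d in ("pixelmon[.]pw", "pixelm0n.club", "pixelmons.club", "pixelmon.evil.com"):
        print(d, "->", classify(d, "pixelmon.club"))
```

The order of the checks matters: the exact-match test runs before the suffix-swap test so that subdomains of the real site are not flagged, and the skeleton comparison runs before edit distance so that a homoglyph is reported as such rather than as a typo.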

When the researchers examined the site, the executable inside the archive turned out to be corrupted and did not deliver a working payload. Other files hosted on the same site, however, allowed them to conclude that the operation was distributing Vidar.

Vidar is a password-stealing malware family that has been seen less often lately, according to the publication. Once executed, it connects to a Telegram channel to retrieve the IP address of its command-and-control (C2) server; the channel acts as a dead-drop resolver, so the operators can rotate the C2 address without rebuilding the malware.

From the C2 server it fetches a configuration and downloads additional modules, which are used to steal sensitive data from the infected endpoint. Because this campaign targets NFT enthusiasts, the Vidar configuration focuses on cryptocurrency wallets, backup codes, password files and similar data.
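The Telegram lookup described in the two paragraphs above leaves a recognisable trace on the endpoint: a process that is not a browser or messaging client fetches a channel page and, shortly afterwards, connects to a bare IP address. The following is an added example, not code from the article, from BleepingComputer or from MalwareHunterTeam, that hunts for that sequence in network logs and pulls an IPv4 address out of a channel page's description. The log line format, the sample log, the channel HTML, the process allowlist and the assumption that the address sits in the og:description meta tag are all constructed for this example.

```python
"""Hunt for the Telegram dead-drop resolver pattern in endpoint logs (added example)."""
import re
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO-8601 UTC> <process> <GET|CONNECT> <target>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(GET|CONNECT)\s+(\S+)$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
IPV4_ANY_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
DESC_RE = re.compile(r'property="og:description"\s+content="([^"]*)"')

# Hosts whose public pages a stealer can read without authentication (assumption).
DEAD_DROP_HOSTS = {"t.me", "telegram.me"}
# Processes expected to talk to Telegram on this fleet (assumption for the example).
ALLOWLIST = {"telegram.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed sample log; IPs are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2022-02-14T10:00:00Z chrome.exe GET https://pixelmon.club/
2022-02-14T10:00:05Z chrome.exe GET https://t.me/somechannel
2022-02-14T10:00:07Z chrome.exe CONNECT 198.51.100.7:443
2022-02-14T10:01:00Z setup.exe GET https://t.me/examplechan
2022-02-14T10:01:02Z setup.exe CONNECT 203.0.113.10:80
2022-02-14T10:01:03Z setup.exe GET http://203.0.113.10/
2022-02-14T10:30:00Z svchost.exe CONNECT 203.0.113.99:443
"""

# Constructed channel page; the C2 address is embedded in the description.
CHANNEL_HTML = """<html><head>
<meta property="og:title" content="examplechan">
<meta property="og:description" content="hello 203.0.113.10 world">
</head></html>"""


def host_of(target: str) -> str:
    """Strip scheme, path and port from a URL or host:port string."""
    return re.sub(r"^[a-z]+://", "", target).split("/")[0].split(":")[0].lower()


def parse_line(line: str):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2).lower(), m.group(3), m.group(4)


def find_dead_drop_resolvers(lines, window_seconds: int = 120):
    """Return (process, dead-drop URL, raw IP) triples for non-allowlisted processes
    that contact a bare IPv4 address within window_seconds of reading a channel page."""
    last_drop = {}          # process -> (timestamp, url) of its latest dead-drop fetch
    alerts, seen = [], set()
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        ts, proc, _verb, target = parsed
        if proc in ALLOWLIST:
            continue
        host = host_of(target)
        if host in DEAD_DROP_HOSTS:
            last_drop[proc] = (ts, target)
            continue
        if IPV4_RE.match(host) and proc in last_drop:
            drop_ts, drop_url = last_drop[proc]
            if timedelta(0) <= ts - drop_ts <= timedelta(seconds=window_seconds):
                if (proc, host) not in seen:          # one alert per process/IP pair
                    seen.add((proc, host))
                    alerts.append((proc, drop_url, host))
    return alerts


def extract_c2_from_channel_page(html: str):
    """Pull the first IPv4 address out of the page's og:description, or None."""
    m = DESC_RE.search(html)
    if not m:
        return None
    ip = IPV4_ANY_RE.search(m.group(1))
    return ip.group(0) if ip else None


if __name__ == "__main__":
    for alert in find_dead_drop_resolvers(SAMPLE_LOG.splitlines()):
        print("dead-drop resolver candidate:", alert)
    print("address in channel description:", extract_c2_from_channel_page(CHANNEL_HTML))
```

The allowlist is what keeps the rule quiet: browsers and the real Telegram client fetch t.me pages all day, so the signal is a process that has no business reading a channel description and then talks to a raw IP. Tune the window to the environment; a stealer typically makes the C2 connection within seconds of the lookup.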

At the moment the site does not serve a working payload, but the researchers suspect this is only temporary and that a functional payload will follow. NFT enthusiasts and investors are advised to be very careful when visiting new sites and downloading content: check that the domain is exactly the project's official one, and treat any "playable demo" installer as suspect until the project confirms it through its own channels.

Via: BleepingComputer