A skillfully designed website for the Pokemon NFT card game is being used by threat actors to disseminate the NetSupport remote access tool and commandeer victims’ devices. The “pokemon-go[.]io” website, which is still active as of this writing, advertises a brand-new NFT card game based on the Pokemon franchise that gives players both strategic enjoyment and NFT investment gains.
It shouldn’t be difficult for the owners of the malicious portal to attract users to the site through malspam, social media posts, etc., given the popularity of both Pokemon and NFTs. When users click the “Play on PC” button, they download an executable that appears to be a legitimate game installer but actually installs NetSupport, a remote access tool, on the victim’s computer.
The operation was discovered by analysts at ASEC, who also claim that a second website, “beta-pokemoncards[.]io,” was used in the campaign but has since been taken offline.
The first indications of this campaign’s activity surfaced in December 2022. However, earlier samples obtained from VirusTotal revealed that the same operators had previously been pushing a fake Visual Studio file rather than the Pokemon game.
How Fake ‘Pokémon NFT’ Spreads Malware On Computers
Although distributing fake copies of well-known games in order to spread harmful software is nothing new, luring users in with the promise of money from NFTs with the Pokemon name is particularly rude. Not only has there been no sign that Game Freak, the company behind Pokemon, or Nintendo is interested in joining the non-fungible bandwagon, but NFTs themselves are plagued with pump-and-dump investment scams and plain old larceny. Last year, the NFT market hit its low.
The terms “pokemon-go” and “beta-pokemoncards” were used in the URLs of two different websites that housed convincing false presentations and PC downloads, according to ASEC. Both have been removed as of the writing of this sentence. There is a legitimate PC version of the Pokemon Trading Card Game that you can download and play for free, despite the fact that there is no official Pokemon RPG available on any non-Nintendo device, and there is undoubtedly no universe in which the Pokemon franchise has been infected with NFT nonsense.
Hackers have created a fake #NFT card game around the #Pokemon franchise, which claims to offer users NFT investment profits while having fun but clicking on “Play on PC” installs software that gives the attacker remote access to the victim’s device. https://t.co/73FlQo6qxA
— Craig McDonald (@CraigEMcDonald) January 9, 2023
How the NetSupport RAT is used by Hackers
The client32.exe NetSupport RAT executable and its dependencies are set up in a brand-new folder under the %APPDATA% directory. They are set to “hidden” so that victims who manually inspect the file system are likely to miss them. To guarantee that the RAT will run when the system boots, the installer also adds an entry to the Windows Startup folder.
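A read-only triage check for the artifacts described above, run as the affected user. This is an added example, not code from ASEC or the original article; the function names are hypothetical, and it assumes the Startup folder entry is a .lnk shortcut.

```powershell
# Added example: reports findings only, nothing is deleted or modified.
function New-Finding($Kind, $Item, $Detail) {
    # One uniform record shape so every finding formats the same way.
    [pscustomobject]@{
        Finding = $Kind
        Path    = $Item.FullName
        Created = $Item.CreationTime
        Detail  = $Detail
    }
}

function Find-NetSupportArtifacts {
    param(
        [string]$AppDataRoot = $env:APPDATA,
        [string]$StartupDir  = [Environment]::GetFolderPath('Startup')
    )
    $hiddenFlag = [IO.FileAttributes]::Hidden

    # 1. client32.exe anywhere under %APPDATA%. -Force is required, otherwise
    #    Get-ChildItem skips items that carry the Hidden attribute.
    Get-ChildItem -LiteralPath $AppDataRoot -Filter 'client32.exe' -File `
        -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $fileHidden   = [bool]($_.Attributes -band $hiddenFlag)
            $folderHidden = [bool]($_.Directory.Attributes -band $hiddenFlag)
            $sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            New-Finding 'client32.exe under AppData' $_ `
                "FileHidden=$fileHidden; FolderHidden=$folderHidden; SHA256=$sha256"
        }

    # 2. Startup shortcuts whose target resolves into %APPDATA%.
    #    Assumption: the persistence entry is a .lnk shortcut.
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $StartupDir -Filter '*.lnk' -File -Force `
        -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if ($target -and $target.StartsWith($AppDataRoot,
                    [StringComparison]::OrdinalIgnoreCase)) {
                New-Finding 'Startup shortcut into AppData' $_ "Target=$target"
            }
        }
}

Find-NetSupportArtifacts | Format-List
```

A hit is a lead, not a verdict: NetSupport Manager is also deployed legitimately, so compare the install path and creation time against what IT actually rolled out.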
Threat actors frequently employ NetSupport RAT (NetSupport Manager), a legitimate program, in the hopes that it will bypass security measures. Once it is installed, threat actors are able to remotely connect to a user’s device in order to steal data, install further malware, or even attempt to spread across the network.
Although NetSupport Manager is a genuine piece of software, threat actors frequently employ it as part of their nefarious operations. Microsoft issued a warning in 2020 about phishing scammers employing Excel files with COVID-19 themes that installed the NetSupport RAT on victims’ systems.
In August 2022, NetSupport RAT and Raccoon Stealer were installed on victims via an operation that targeted WordPress sites with phony Cloudflare DDoS protection pages.
Remote screen control, screen recording, system monitoring, remote system grouping for easier management, and a wide range of connectivity options, including network traffic encryption, are all supported by NetSupport Manager. In an attacker’s hands, the effects of such an infection are severe and wide-ranging, mainly including unauthorized access to private user data and the download of more malware.
How To Protect Your Computer Against Unauthorized Access
Some of the techniques to safeguard your computer against hackers and unauthorized access are listed below:
- Use secure passwords: Switch them out frequently; long passwords with various characters, digits, and symbols are considered strong passwords. Avoid using words that are easily thought of, such as your name and the names of your child or pet.
- Check that operating systems and other programs are up to date: This protects you from hackers who might use software bugs to their advantage in order to access your computer. You can use Microsoft product updates to help you stay current with the Office Suite.
- Install and update a reliable antivirus application: Antivirus software can shield your computer from malware (malicious software) if hackers attempt to install it.
- Use a firewall: Ideally, one that is hardware-based and integrated into your network. A firewall prevents unauthorized internet users from accessing your computer.
- Exercise caution: Be careful when downloading files, opening email attachments or clicking on links, even if they seem to be from individuals you know.
- Protect your wireless network with a strong password: Any data flowing through your wireless network, including your passwords, financial information, and personal and commercial data, can be eavesdropped on by a hacker who gains access to your network.
- Unauthorized calls or emails: Cybercriminals frequently attempt to phish for private data like credit card numbers or Social Security numbers by posing as representatives of a reliable organization or agency. Never provide personal information in response to such demands without first confirming the caller’s legitimacy.
- Use two-factor authentication: This adds an additional layer of security by requiring something you know, like your password, and something you have, like a code sent to your phone or a physical token.
These are just a few of the tools and techniques you can use to safeguard your computer against hackers. You can make it far more difficult for them to access your data, steal your identity, or take your money by heeding this advice. Be careful out there!
Conclusion
In a recent campaign, cybercriminals are going after Pokémon enthusiasts by using a clever NFT card game to get remote access to their computers. A new NFT card game based on the well-known franchise has been found to be distributed on two websites: pokemon-go[.]io and beta-pokemoncards[.]io. Fortunately, neither of the sites is active, but other ones will probably start to offer the game.