Another Pokémon NFT scam is taking over the already controversial cryptoart market. This time, the copyright-infringing NFT project is being used to spread malware across customers’ computers, reveals a cybersecurity firm.
Pokémon NFT projects have popped up numerous times in the past. Just recently, another NFT scam was taken to court by The Pokémon Company; the cryptoart scam was almost instantly taken down.
Not only a popular franchise on its own, the brand’s central theme of collecting makes it perfect for NFT grifters to trick users into getting involved. However, they typically don’t include an unhealthy dose of malware with their cruddy digital “collectibles”.
Cybersecurity firm ASEC warned that the NFT game not only attempts to sell cryptoart of a brand it does not own, but also uses that brand to infect PCs with remote control software. Well disguised as a Pokémon TCG video game, the software infects your computer with NetSupport.
The NetSupport software is known as RAT malware, Random Access Trojan. Once installed, hackers can remotely access your PC, stealing personal files including text documents, images, passwords and more. The report claims that the malware is “being distributed from a phishing page disguised as one for a Pokemon card game”.
On the service’s fairly official-looking website, there’s a button to “Play on PC”. Clicking on this button will download an installation file for the fake game that places the malware on your computer. While it doesn’t entirely look legitimate, it’s faithful enough to trick unsuspecting fans of the franchise.
ASEC explains that fans of Pokémon should not download any applications from external sources. If you’re looking for a Pokémon TCG game on your PC, you should only install the official version right here.
Of course, with such a huge fanbase, Pokémon has a swarm of fan games online that are frequently downloaded. With this in mind, fans are obviously going to install non-official games. However, hopefully, many are smart enough to not fall for an obvious Pokémon NFT scam.