NFT games have become quite popular thanks to their unique appeal; you get all the benefits of traditional gameplay but also get to collect in-game assets that can be traded and, in some cases, monetized. Sadly, the popularity of NFT games has created a market for fakes that try to dupe customers into playing and sometimes, steal from them.
Take the recent discovery of a malware scheme that is being distributed through a fake Pokemon NFT game. This scheme, along with its method of distribution, was reported by AHN Lab, a security company, in a January 6, 2023 blog post.
Spreading Malware Through Pokemon
For as long as computers have been widely used, malicious parties have worked to spread malware to unsuspecting users. Many methods have been used such as scam emails but the rise of digital assets like crypto and NFTs have sadly created a new avenue for such behaviour to thrive.
In the case of this identified malware, users are tricked into downloading what they think is an NFT game based on the Pokemon franchise. Unbeknownst to them, the game comes with a NetSupport Remote Administration Tool (RAT) which allows the hackers to control the program from anywhere. And the hackers having control within a users’ system does not bode well for the victims.
“When NetSupport RAT is installed, the threat actor can gain control over the infected system. Features supported by NetSupport by default include not only remote screen control but also system control features such as screen capture, clipboard sharing, collecting web history information, file management, and command execution. This means that the threat actor can perform various malicious behaviors such as extorting user credentials and installing additional malware,” the report says.
Therein lies the true danger of malware in that sensitive information can be extracted from the victim’s computer and they could potentially be blackmailed. In response to this discovery, AHN Lab has advised that users only accept downloads from reputable websites and not download attachments from suspicious emails. They are also advised to beef up their computer security to stop malware from corrupting their systems.
Big Franchises and NFTs
It is worth noting that just last month, the Pokemon franchise had to take legal action against an unauthorized NFT game that was floating about. While that game is not associated with the one spreading malware, it is interesting that the same franchise is being targeted for unofficial releases again.
At the same time, Pokemon is one of the biggest entertainment franchises in the world and sooner or later, someone would create some unauthorized NFT-related product, especially considering that the actual Pokemon franchise has now yet released any such project.
This just reinforces what AHN Lab has advised in that if fans of Pokemon or any other franchise want to enjoy NFT game versions of them, they should wait and only engage with official versions. Downloading and playing any unauthorised ones puts them and their computer systems at risk.