Fake ‘Pokemon NFT’ game infects PCs with malware
PC gamers have been waiting a Growlithe’s age to get a real Pokemon game, with naught but the likes of Temtem and Monster Crown to hold them over. But no matter how desperate you are to catch ’em all on your desktop, resist the urge to download sketchy executables from sketchy sites…especially if they’re using the questionable allure of NFTs to sucker you in. At least two have been spotted spreading remote access malware to players who want to be the very best.
Security researchers at ASEC (via Bleeping Computer) spotted two different Pokemon-themed websites inviting would-be Ash Ketchums to download executables for a digital version of the card game, only to install malware hidden behind the legitimate NetSupport Manager tool. Once installed, the Team Rocket-style malefactors could seize control of an infected PC with basic remote support tools, installing other malicious software and stealing user data at their leisure.
Distributing fake versions of popular games in order to seed malicious programs is nothing new, but suckering in players with the promise of profits from Pokemon-branded NFTs is particularly naughty. Not only has there been no indication that Nintendo or Pokemon developer Game Freak are interested in jumping on the non-fungible bandwagon, NFTs themselves are rife with pump-and-dump investment shenanigans and good old-fashioned theft. The bottom dropped out of the NFT market last year.
ASEC reported two separate URLs that hosted convincing fake presentations and PC downloads, with “pokemon-go” and “beta-pokemoncards” in their URLs. At the time of writing, both have been taken down. We’ll remind readers that while there’s no official version of the Pokemon RPGs available on any non-Nintendo device, and certainly no universe in which the Pokemon franchise is infected with NFT nonsense, there is a real PC version of the Pokemon Trading Card Game you can download and play for free.