BleepingComputer reports that there’s a fake Pixelmon NFT site out there that baits token enthusiasts with freebies. But once victims take the bait, their PC then gets infected with malware that steals passwords to their cryptocurrency wallets. But first, some background information. Pixelmon is an NFT project which involves making a metaverse game centred around collecting, training and battling with the eponymous pixelated creature pets. Not to be confused with a Minecraft mod with a similar name.
— MalwareHunterTeam (@malwrhunterteam) May 12, 2022 Going back to the malware, the people behind it made a fake website that looks very similar to the real Pixelmon website. Likely making use of its apparent popularity, the fake site claims to offer a demo of the game. There’s even a MacOS option that’s coming “soon” to add to the air of legitimacy. Hitting the download button instead results in a reportedly broken file named Installer.zip which wasn’t distributing malware. That being said, MalwareHunterTeam found other malicious files being distributed by the site, including one setup.zip, which contains another file called setup.lnk. That last one runs the command to download Vidar, a password-stealing malware that scrubs browsers and apps, as well as search for files that match specific names. Since this malware uses an NFT project as its front, it’s likely that the malware is made to look for and steal passwords for cryptocurrency wallets. Which is another reason to always be careful about clicking suspicious links or downloading suspicious files. While there haven’t been any reports of victims among Pixelmon aficionados yet, the same can’t be said about the Bored Apes Yacht Club. (Source: BleepingComputer via TechRadar)