Hackers have launched a fake Pokémon game and are using it as a vessel to distribute a remote access tool (RAT) and gain control of Windows devices.
Trading on both the popularity of Pokémon and the promise of financial gain from NFTs, Pokemon-go[.]io lets users download what they believe is the game’s installer by clicking the “Play on PC” button.
Instead, those who open the proverbial Poké ball and try to download the game will unknowingly install the NetSupport RAT, allowing bad actors to take control of the victim’s device.
The use of Pokémon as a draw poses an additional risk, since the scam appeals to young children, who are less likely to recognise an illegitimate website.
NetSupport RAT is a legitimate program that was designed for use by administrators, allowing them to remotely access devices and fix issues. It is a powerful tool that allows for screen recording, remote control, system monitoring, network traffic encryption and much more.
However, bad actors are well known to abuse the software to gain control of victims’ devices, lock them and steal data to extort a ransom, among other ends.
Once a victim downloads and runs the “client32.exe” installer, the software is installed under the hidden %APPDATA% path, which is home to important files such as application settings. Furthermore, the software’s files are set to hidden, making them hard for victims to find.
The Windows Start-up folder is also modified so that it runs upon the system booting up.
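As an added illustration of where a defender would look for the persistence described above (example code written for this article, not ASEC’s or NetSupport’s), the following PowerShell script lists Startup-folder entries whose target lives under %APPDATA% and any hidden client32.exe files there. The folder and file names come from the text; the hunt logic itself is an assumption about a reasonable first check.

```powershell
# Added hunt script (assumption: not from the article, ASEC or NetSupport).
# Flags (1) Startup-folder items that launch something under %APPDATA% and
# (2) hidden files named client32.exe anywhere under %APPDATA%.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$appData  = $env:APPDATA
$shell    = New-Object -ComObject WScript.Shell     # resolves .lnk targets
$findings = [System.Collections.Generic.List[object]]::new()

foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($item in Get-ChildItem -LiteralPath $dir -Force -File) {
        $target = $item.FullName
        if ($item.Extension -ieq '.lnk') {
            $target = $shell.CreateShortcut($item.FullName).TargetPath
        }
        # Anything in Startup that points back into %APPDATA% deserves a look
        if ($target -and $target.StartsWith($appData, [StringComparison]::OrdinalIgnoreCase)) {
            $findings.Add([pscustomobject]@{
                Kind   = 'StartupEntry'
                Path   = $item.FullName
                Detail = $target
            })
        }
    }
}

# Hidden copies of client32.exe under %APPDATA% (-Force is needed to see hidden files)
$hidden = Get-ChildItem -LiteralPath $appData -Recurse -Force -File -Filter 'client32.exe' -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden }
foreach ($file in $hidden) {
    $findings.Add([pscustomobject]@{
        Kind   = 'HiddenFile'
        Path   = $file.FullName
        Detail = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    })
}

if ($findings.Count -eq 0) {
    'No Startup entries pointing into %APPDATA% and no hidden client32.exe found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Because client32.exe is also the file name of the legitimate NetSupport client, any hit still needs triage: check the binary’s signature and whether the machine is meant to have NetSupport installed before treating it as an infection.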
The fake game first appeared in 2022, following in the footsteps of a similar scam by the same operators which advertised a file for Adobe Visual Studio.
The AhnLab Security Emergency-response Center (ASEC) discovered the scam, revealing that the executable was originally available on a second website — betapokemoncards[.]io. The second site has since gone offline.