fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Fake Pixelmon NFT Site Infects you with Password-stealing Malware

Fake Pixelmon NFT Site Infects you with Password-stealing Malware

A fake Pixelmon NFT site entices fans with free tokens and collectibles while infecting them with malware that steals their cryptocurrency wallets.

Pixelmon is a popular NFT project whose roadmap includes creating an online metaverse game where you can collect, train, and battle other players using pixelmon pets.

With close to 200,000 Twitter followers and over 25,000 Discord members, the project has garnered a lot of interest.

Impersonating the Pixelmon project

To take advantage of this interest, threat actors have copied the legitimate pixelmon.club website and created a fake version at pixelmon[.]pw to distribute malware.

This site is almost a replica of the legitimate site, but instead of offering a demo of the project’s game, the malicious site offers executables that install password-stealing malware on a device.

Also Read: Data Protection Policy: 8 GDPR Compliance Tips

Fake Pixelmon website
Fake Pixelmon website
Source: BleepingComputer

The site is offering a file called Installer.zip that contains an executable that appears to be corrupt and does not infect users with any malware.

However, MalwareHunterTeam, who first discovered this malicious site, found other malicious files distributed by the site that allowed us to see what malware it was spreading.

One of the files distributed by this malicious site is setup.zip, which contains the setup.lnk file. Setup.lnk is a Windows shortcut that will execute a PowerShell command to download a system32.hta file from pixelmon[.]pw.

Setup.lnk contents
Setup.lnk contents
Source: BleepingComputer

When BleepingComputer tested these malicious payloads, the System32.hta file downloaded Vidar, a password-stealing malware that is not as commonly used as it was in the past. This was confirmed by security researcher Fumik0_, who has previously analyzed this malware family.

When executed, the threat actor’s Vidar sample will connect to a Telegram channel and retrieve the IP address of a malware’s command and control server.

Also Read: Don’t Be Baited! 5 Signs of Phishing in Email

Telegram channel containing C2 IP address
Telegram channel containing C2 IP address
Source: BleepingComputer

The malware will then retrieve a configuration command from the C2 and download further modules to be used to steal data from the infected device.

The Vidar malware can steal passwords from browsers and applications and search a computer for files that match specific names, which are then uploaded to the threat actor.

As you can see from the malware configuration below, the C2 instructs the malware to search for and steal various files, including text files, cryptocurrency wallets, backups, codes, password files, and authentication files.

Configuration commands retrieved from the C2 server
Configuration commands retrieved from the C2 server
Source: BleepingComputer

As this is an NFT site, the expectation is that visitors will have cryptocurrency wallets installed on their computers. Due to this, the threat actors emphasize searching for and stealing files related to cryptocurrency.

While the site is currently not distributing a working payload, BleepingComputer has seen evidence that the threat actors continue to modify the site over the past few days, as payloads that were available two days ago are no longer present.

Due to the activity on the site, we can expect this campaign to continue to be active and for working threats to be added soon.

With NFT projects being overwhelmed with scams designed to steal your cryptocurrency, you should always triple-check that the URL you are visiting is, in fact, related to the project you are interested in.

Furthermore, never execute any executables from unknown websites without first scanning them with antivirus software or using VirusTotal.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us