Security News > 2023 > January > Hackers push fake Pokemon NFT game to take over Windows devices
Threat actors are using a well-crafted Pokemon NFT card game website to distribute the NetSupport remote access tool and take control of victims' devices.
The website "Pokemon-go[.]io," which is still online at the time of writing, claims to be home to a new NFT card game built around the Pokemon franchise, offering users strategic fun together with NFT investment profits.
Those who click on the "Play on PC" button download an executable that looks like a legitimate game installer but, in reality, installs the NetSupport remote access tool on the victim's system.
This campaign's first signs of activity appeared in December 2022, while earlier samples retrieved from VirusTotal showed that the same operators pushed a fake Visual Studio file instead of the Pokemon game.
The installer creates an entry in the Windows Startup folder to ensure the RAT will execute upon system boot.
In August 2022, a campaign targeting WordPress sites with fake Cloudflare DDoS protection pages installed NetSupport RAT and Raccoon Stealer on victims.
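To hunt for the Startup folder persistence described above, the following added example (not from the original article or its sources) filters Sysmon FileCreate (Event ID 11) records for writes into a Startup folder and prioritises those made by a process running from a download or temp directory. The events are constructed dicts using Sysmon's `Image` and `TargetFilename` fields; the host names, file names and the list of user-writable directories are assumptions.

```python
import ntpath
import re

# Per-user and all-users Startup folders (matched case-insensitively).
STARTUP_RE = re.compile(
    r"\\(?:users\\[^\\]+\\appdata\\roaming|programdata)"
    r"\\microsoft\\windows\\start menu\\programs\\startup\\[^\\]+$",
    re.IGNORECASE,
)
# Directories a downloaded installer typically runs from (assumption).
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\(?:downloads|desktop|appdata\\local\\temp)\\", re.IGNORECASE
)

def startup_drops(events):
    """Return one finding per Sysmon FileCreate (Event ID 11) record that
    writes into a Startup folder; high_priority marks writers that run
    from a user-writable directory."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 11:
            continue
        target = ev.get("TargetFilename", "")
        if not STARTUP_RE.search(target):
            continue
        image = ev.get("Image", "")
        findings.append({
            "host": ev.get("Computer"),
            "entry": ntpath.basename(target),
            "writer": image,
            "high_priority": bool(USER_WRITABLE_RE.search(image)),
        })
    return findings

# Constructed sample events (not taken from the campaign).
SAMPLE_EVENTS = [
    {"EventID": 11, "Computer": "WS-01",
     "Image": r"C:\Users\alice\Downloads\GameSetup.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"},
    {"EventID": 11, "Computer": "WS-02",
     "Image": r"C:\Program Files\Vendor\App\install.exe",
     "TargetFilename": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\App.lnk"},
    {"EventID": 11, "Computer": "WS-01", "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Documents\notes.txt"},
    {"EventID": 1, "Computer": "WS-01",
     "Image": r"C:\Users\alice\Downloads\GameSetup.exe"},
]

if __name__ == "__main__":
    for finding in startup_drops(SAMPLE_EVENTS):
        print(finding)
```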