Pokémon Card Game—not to be confused with the Pokémon Trading Card Game—isn’t a real game. It’s malware disguised as a Pokémon NFT game that’s designed to fool unsuspecting Pocket Monster fans into clicking on a compromising link. This malicious Fakémon installs remote control software on infected computers, which hackers can then use to access private user data and make your PC susceptible to more malicious attacks.
According to cybersecurity analysts at ASEC, via bleepingcomputer, hackers went as far as creating a pretty convincing fake website for their fake game and even a fake marketplace where you can claim and mint Pokémon Card NFTs. The fake site offers no real Pokémon NFTs, however, just headaches.
Clicking on the “Play on PC” button on the website (which we won’t link for obvious reasons) downloads an installer that, instead of installing a game, buries a tool called NetSupport Manager deep into your files. This essentially opens a back door into your PC.
To make matters worse, the malicious download has an official-looking Pokémon icon and file information, which would make it easy to convince someone who just downloaded the file, especially a young user, to open it. At the time of this post, the fake website for the Pokémon Card Game is still live.
This scam is convincing because a Pokémon NFT card game sounds like something that could be a real thing, given the popularity of Pokémon and NFTs. Nintendo expressed tepid interest in NFTs and the metaverse during a Q&A last year and hasn’t announced any NFT games, but a good fake could still fool someone who doesn’t keep up with the news.
Hackers will always try to find creative ways to get you to click on a bad link. Whether it’s a convincing pop-up ad or a strange email thread you’ve been CC’d on, play it safe and don’t click on anything. Except this link. That one’s totally safe.