Pokémon is probably one of the most well-known names in pop culture. When anything new is released about the franchise, people flock to it, no questions asked. Well, that seems to have landed some people in a bit of trouble. As reported earlier by BleepingComputer, a new website for Pokémon NFTs, promising fun and NFT investments, has been created with malware baked into its installer.
The website “pokemon-go(dot)io”, shown below, is a well-made site that could fool even the most eagle-eyed visitor. The site shows various Pokémon cards and a link to download the installer for Windows. Once the user clicks the download button, the executable that is downloaded is the support tool NetSupport Manager, disguised with the name “Client32.exe”. When it is installed, the dependencies are stored in the %AppData% folder and set with the hidden attribute. A task is also created in Task Scheduler so the NetSupport RAT will load automatically. While NetSupport Manager is not a malicious program by nature, the threat actors are using the legitimate program in nefarious ways as a method to evade antivirus and malware detection programs. ASEC is credited with the discovery of this malware and posted an in-depth article related to it.
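To check a Windows machine for the footprint described above (a Client32.exe under %AppData%, hidden attributes, and a scheduled task launching from that folder), the following PowerShell sketch can be used. It is an added example, not code from this article or from ASEC; the function name and output fields are hypothetical, and only the file name and folder come from the text above.

```powershell
# Added example: hunt for the install pattern described in the article.
# From the article: the name Client32.exe, the %AppData% location, the hidden
# attribute, the scheduled task. Assumed: function name and output layout.
function Find-NetSupportFootprint {
    [CmdletBinding()]
    param(
        [string]$Root = $env:APPDATA,          # per-user; run once per profile
        [string]$BinaryName = 'Client32.exe'
    )

    # -Force makes Get-ChildItem return hidden and system items too.
    $hits = Get-ChildItem -LiteralPath $Root -Filter $BinaryName -File `
                          -Recurse -Force -ErrorAction SilentlyContinue
    foreach ($bin in $hits) {
        [pscustomobject]@{
            Kind       = 'File'
            Path       = $bin.FullName
            FileHidden = [bool]($bin.Attributes -band [IO.FileAttributes]::Hidden)
            DirHidden  = [bool]($bin.Directory.Attributes -band [IO.FileAttributes]::Hidden)
            SHA256     = (Get-FileHash -LiteralPath $bin.FullName -Algorithm SHA256).Hash
            TaskName   = $null
        }
    }

    # Scheduled tasks whose action starts a program located under $Root.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            $raw = [string]$action.Execute      # empty for COM-handler actions
            if (-not $raw) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
            if ($exe.StartsWith($Root, [StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    Kind       = 'ScheduledTask'
                    Path       = $exe
                    FileHidden = $null
                    DirHidden  = $null
                    SHA256     = $null
                    TaskName   = $task.TaskPath + $task.TaskName
                }
            }
        }
    }
}

Find-NetSupportFootprint | Format-List
```

A hit is a lead to investigate rather than proof of compromise, since NetSupport Manager is also deployed legitimately; a copy running from a hidden folder in a user profile with its own autostart task is the combination worth escalating.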
As always, make sure to vet any software before installing it on your computer. Have current backups of your system and make sure your antivirus/malware suite is up to date.