Pokémon Card Game – not to be confused with the Pokémon Trading Card Game – is not a real game. It’s malware disguised as a Pokémon NFT game designed to fool unsuspecting Pocket Monster fans into clicking a compromising link. This malicious Fakémon installs remote control software on infected computers, which hackers can then use to access personal user data and make your PC susceptible to more malicious attacks.
According to cybersecurity analysts at ONE SECOND (opens in new tab)through beeping computer (opens in new tab), hackers even went so far as to create a pretty convincing fake website for their fake game and even a fake marketplace where you can claim and mint Pokémon Card NFTs. However, the fake site doesn’t offer real Pokémon NFTs, just headaches.
Clicking the “Play on PC” button on the website (which we won’t link to for obvious reasons) downloads an installer that, instead of installing a game, deep dives a tool called NetSupport Manager. buried in your files. This essentially opens a back door to your PC.
To make matters worse, the malicious download has an official-looking Pokémon icon and file information, which would make it easy to convince someone who just downloaded the file, especially a young user, to open it. At the time of this post, the fake Pokémon Card Game website is still live.
This scam is convincing because a Pokémon NFT card game sounds like something that could be really be a thing, given the popularity of Pokémon and NFTs. Nintendo showed lukewarm interest in it NFTs and the Metaverse (opens in new tab) during a Q&A last year and didn’t announce any NFT games, but a good fake could still fool someone who isn’t keeping up with the news.
Hackers will always try to find creative ways to get you to click on a bad link. Whether it’s a compelling pop-up ad or a strange email thread (opens in new tab) you’ve been put on CC, play it safe and don’t click anything. Except for this link (opens in new tab). It’s completely safe.