Malware, short for malicious software, has plagued the computer industry for decades. The introduction of new and exciting technologies has allowed malware to evolve considerably. This can be seen in the case of the well-known NFT project, Pixelmon.

According to a lowyat.net article, Pixelmon is an NFT project which involves making a metaverse game centred around collecting, training and battling with the eponymous pixelated creature pets. This NFT game has a website. Hackers built a website impersonating the original Pixelmon website to exploit users.

NFTs: What are they and what makes them possible

An NFT is a unique cryptographic token that exists on the blockchain and cannot be replicated. NFTs have become widely popular and highly valuable in the form of digital art. The acronym stands for Non-Fungible Token, and NFTs are valuable because they are scarce. They work like collectables. That means no two NFTs are identical, hence the term “non-fungible”.

Over the last 10 years, cryptocurrencies have taken the world by storm. Tokens such as ETH, Bitcoin and even the popular meme coin Dogecoin have seen spikes in value well over 200 per cent at their peak. But these technologies are not simply new ways for modern-day investors to make more money. Cryptocurrencies are built on a very useful technology called the blockchain.

What is blockchain? 

According to IBM, the blockchain is defined as “a shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network.” The blockchain works differently from centralized databases in that instead of storing data in tables, it stores data in blocks. Data is added to a block until that block is full. When a block is full, a new block is made, and each full block is chained to the one before it, forming a cryptographic chain in chronological order. Hence the name, blockchain.

Given that blockchain is decentralized, its way of storing data makes for an irreversible timeline. This makes it almost impossible to tamper with. As such, the blockchain is able to generate trust without the need for a third party to verify transactions. This has allowed many exciting new technologies to thrive on these levels of security. One such technology is the NFT, mentioned earlier. NFTs run mostly on the Ethereum blockchain, with other blockchains such as Solana also used but not quite as popular.

How do NFTs work?

NFTs are mostly used in the world of digital art. They can be anything from a digital drawing to a tweet to a song, although digital drawings are where the real money is these days. When a digital drawing is made into an NFT, it becomes a form of data with a unique digital signature. Then that drawing’s authenticity is verified.

This means it is the only one of its kind. Non-fungible! Any replicas made of that drawing, no matter how identical, will not be the original. Besides their scarcity, NFTs also have value because their communities believe they do. From this, it is clear that NFTs work a lot like physical art and are a form of art themselves. Physical art rises in value, and so do NFTs. It is because of this value that they are so sought after. And since everyone is talking about them, a vulnerability is presented for hackers to exploit.

Fake website impersonating the original site

Hackers are using the buzz around NFTs to attract interested internet users to dangerous sites and services. And this is exactly what happened in the case of Pixelmon.

This fake Pixelmon website works to impersonate the original Pixelmon website. An NFT game, Pixelmon has already built trust with a loyal fan base. That is the vulnerability the attackers look to exploit. 

The fake website looks very similar to the original. Furthermore, this fake website claims to offer a demo version of the game with a download link provided. This is where the mayhem begins.

According to the lowyat.net article, once a user clicks the download button, a broken file with the name installer.zip is downloaded. And even though this broken file does not distribute any malware, the fake website was found to also be distributing malicious files. One of the files distributed is a file named setup.lnk. This file runs a command to download a file named Vidar. Vidar is password-stealing malicious software that scrapes a user’s applications and files for any sensitive information.

It is suspected that the malware looks to obtain passwords for its victims’ crypto wallets, especially given that the target audience is most likely a bunch of crypto enthusiasts. Even though there have been no reports of any victims of this scheme, users still need to protect themselves and reduce any potential vulnerabilities so as to ensure these hackers cannot get to them.
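A shortcut such as setup.lnk can be recognised by its contents rather than its name, because every Windows shortcut begins with a fixed 76-byte Shell Link header. The Python sketch below is an added example, not code from the lowyat.net article or from the malware: it checks a downloaded file for that header and reads the shortcut's embedded strings so a defender can see whether it carries command-line arguments. The sample shortcut, the example URL and the keyword list are constructed assumptions.

```python
import struct

# Shell Link header: HeaderSize 0x4C, then CLSID 00021401-0000-0000-C000-000000000046
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields appear in this fixed order, each gated by a LinkFlags bit
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
SUSPICIOUS = ("powershell", "cmd.exe", "mshta", "http://", "https://")  # heuristic, assumed

def parse_lnk(data: bytes):
    """Return the shortcut's string fields, or None if data is not a Shell Link."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        return None
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, fields = 76, {}
    try:
        if flags & HAS_IDLIST:      # skip the target ID list (2-byte size prefix)
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:    # skip LinkInfo (4-byte size includes itself)
            pos += struct.unpack_from("<I", data, pos)[0]
        for bit, name in STRING_FIELDS:
            if flags & bit:
                count = struct.unpack_from("<H", data, pos)[0]
                size = count * 2 if flags & IS_UNICODE else count
                codec = "utf-16-le" if flags & IS_UNICODE else "cp1252"
                fields[name] = data[pos + 2:pos + 2 + size].decode(codec, "replace")
                pos += 2 + size
    except struct.error:            # truncated file: keep what was parsed so far
        pass
    return fields

def triage(filename: str, data: bytes):
    """Return a list of findings for one downloaded file."""
    fields = parse_lnk(data)
    if fields is None:
        return []
    findings = ["Windows shortcut (LNK) content in " + filename]
    text = " ".join(fields.values()).lower()
    hits = [s for s in SUSPICIOUS if s in text]
    if hits:
        findings.append("shortcut strings reference: " + ", ".join(hits))
    return findings

def build_sample_lnk(arguments: str) -> bytes:
    """Constructed test input: bare header plus an arguments string, no target."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x20 | IS_UNICODE).ljust(76, b"\0")
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")

if __name__ == "__main__":
    sample = build_sample_lnk("/c echo constructed https://files.example/placeholder")
    print(triage("setup.lnk", sample))
```

Windows Explorer hides the .lnk extension, so a content check like this is more reliable than looking at the displayed file name.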

Our Advice

Given the nature of this scheme, one can easily get duped into believing what they see and acting on it. This is why we advise all internet users to be more vigilant and less agreeable when on the internet. Be sure to counter-check any suspicious-looking links and do not click them.

Users must also be wary of downloading any suspicious files. If you are a member of a community and are awaiting a product, always check with other members of that community if you stumble across an identical site claiming to have that product released. Question everything. It will not guarantee your absolute safety from such scams, but it will ensure you as a user are less susceptible to the threats of these scams.


Condition Zebra Sdn Bhd is a company incorporated in Petaling Jaya, Malaysia, serving clients nationally and internationally. We are a CREST-certified and ISO 27001:2013 company that offers Professional Cybersecurity Solutions, Cybersecurity Training and Secure Software Development Lifecycle (SSDLC) for public and private SMEs in various industries, including Financial Services (Banks & Insurance), Government Ministries & Agencies, and Government-linked companies.

Please reach out to us to protect and secure your company’s IT infrastructure, such as network, server, web & mobile apps, Internet (WiFi) and others.

Learn about our online training:

Network Penetration Testing is suitable for participants that have prior experience in setting up, managing or securing an organization’s network.

Web Penetration Testing is suitable for participants that have basic programming language skills and prior experience in managing, developing, or testing web applications.
