Privacy Ninja

Fake ‘Cthulhu World’ P2E Project Used to Push Info-stealing Malware

Hackers have created a fake ‘Cthulhu World’ play-to-earn community, including websites, Discord groups, social accounts, and a Medium developer site, to distribute the Raccoon Stealer, AsyncRAT, and RedLine password-stealing malware infections on unsuspecting victims.

As play-to-earn games rise in popularity, scammers and threat actors increasingly target these new platforms for malicious activities.

Such is the case with a new malware distribution campaign discovered by cybersecurity researcher iamdeadlyz, where threat actors created a whole project to promote a fake play-to-earn game called Cthulhu World.

To promote the “project”, threat actors are sending direct messages to users on Twitter asking if they would like to perform a test of their new game. In return for testing and promoting the game, iamdeadlyz says that the threat actors promise a reward in Ethereum.

Twitter DMs promoting the fake P2E game
Source: iamdeadlyz

When visiting the cthulhu-world.com site, which is now down, users are greeted with a well-designed website, containing information about the project and an interactive map of the game’s environments.

Cthulhu World website

However, this site appears to be a clone of the legitimate Alchemic World project, which has been warning users to stay away from the fake project.

The Cthulhu World website also has one big difference: when a visitor clicks the arrow in the upper right-hand corner of the site, they are taken to a webpage asking for a code to download the “alpha” test of the project.

The threat actors share these codes with prospective victims as part of their DM conversations on Twitter. A list of the access codes is also found in the site’s source code, as shown below.

Access codes for the various downloads
Source: BleepingComputer

Depending on the code entered, one of three files will be downloaded from Dropbox.

Download links embedded in the site source code
Source: BleepingComputer
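The two screenshots above show the pattern an analyst can check for in a saved copy of a suspicious page: a client-side "access code" gate whose codes and targets are visible in the source, and download links pointing at a third-party file host. The script below is an added example (not code from the article, BleepingComputer, or iamdeadlyz) that triages page source for exactly that. The embedded HTML, the codes, and the URLs in it are constructed for illustration; the file-host domain list is a minimal assumption and would normally be extended.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains that a legitimate game site would not normally use to
# hand out its installer. Extend as needed for real triage.
FILE_HOST_DOMAINS = ("dropbox.com", "dropboxusercontent.com")

# Matches  "CODE": "https://..."  pairs inside inline scripts, i.e. a
# client-side gate that maps an access code straight to a download URL.
GATE_PAIR_RE = re.compile(
    r"""["']([A-Za-z0-9_-]{4,40})["']\s*:\s*["'](https?://[^"']+)["']"""
)
# Any absolute URL that appears in script text.
URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")


class PageCollector(HTMLParser):
    """Collects link-like attributes and the text of inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.urls = []
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(value)
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def is_file_host(url):
    """True if the URL's host is, or is a subdomain of, a listed file host."""
    host = urlparse(url).netloc.lower()
    return any(host == d or host.endswith("." + d) for d in FILE_HOST_DOMAINS)


def triage(html):
    """Return hard-coded code->URL gates and external file-host links found in page source."""
    parser = PageCollector()
    parser.feed(html)
    script_text = "\n".join(parser.scripts)

    gated = GATE_PAIR_RE.findall(script_text)  # list of (code, url)
    all_urls = set(parser.urls) | set(URL_RE.findall(script_text))
    flagged = sorted(u for u in all_urls if is_file_host(u))
    return {"gated_downloads": gated, "file_host_links": flagged}


# Constructed sample page: a download gate keyed on hard-coded access codes.
# The codes and URLs are placeholders, not values from the real campaign.
SAMPLE_HTML = """<html><body>
<a href="https://example.invalid/about">About</a>
<form id="gate"><input id="code"><button onclick="go()">Download</button></form>
<script>
  var downloads = {
    "ALPHA-1111": "https://www.dropbox.com/s/EXAMPLE1/setup_a.exe?dl=1",
    "ALPHA-2222": "https://www.dropbox.com/s/EXAMPLE2/setup_b.exe?dl=1"
  };
  function go() {
    var c = document.getElementById('code').value;
    if (downloads[c]) { location.href = downloads[c]; }
  }
</script>
</body></html>"""

if __name__ == "__main__":
    result = triage(SAMPLE_HTML)
    for code, url in result["gated_downloads"]:
        print(f"gate code {code!r} -> {url}")
    for url in result["file_host_links"]:
        print(f"file-host link: {url}")
```

Running it against a saved page prints each access code with the file it unlocks and every link that leaves for a file-hosting service; a legitimate project page that serves its own builds produces an empty result on both counts, which makes the output a quick first filter before any sample is sent to a sandbox such as AnyRun.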

Each of the three files installs a different malware family, likely allowing the threat actors to pick and choose how they wish to target a particular user. The three malware families identified in AnyRun analyses are AsyncRAT, RedLine Stealer, and Raccoon Stealer.

The website for Cthulhu World is currently down, but their Discord remains active. It is unclear who on this Discord is aware that the site is distributing malware, but some users clearly believe this is a legitimate project.

As RedLine Stealer and Raccoon Stealer are known to steal cryptocurrency wallets, it is not surprising to find that some victims have already had their wallets cleaned out by this scam.

If you have visited Cthulhu-world.com and downloaded any of their software, you should immediately run an antivirus scan on your computer and remove anything detected.

Furthermore, as these malware infections steal your saved passwords, cookies, and crypto wallets, you should reset all passwords and create new wallets, moving your cryptocurrency into them.

Ultimately, though, the wisest course of action is to reinstall your operating system from scratch, as these malware infections provide full access to an infected computer, and other undetected malware may still be installed.
