Potential victims are asked to test a new game and are directed to download code to run on their systems. Once they run it, the cryptocurrency wallets connected to the system are emptied.

A Whole Game For Making Players Trust

Play-to-earn games have become popular lately because they offer rewards in cryptocurrencies or NFTs for playing. Unknown threat actors are cashing in on this opportunity, draining victims’ cryptocurrency wallets in the name of a new game. As spotted by a cybersecurity researcher named iamdeadlyz, the campaign centers on a fake game called “Cthulhu World”. The threat actors start by sending direct messages to potential players on Twitter, asking them to test their new game in return for Ethereum rewards.

Cthulhu World CWorldP2E (id: 1559535183753367552) /cthulhu-world.com #RaccoonStealer, #AsyncRAT, & #RedLineStealer pieces of malware in one fake P2E game project. Armed with several alt accounts for setting the bait… pic.twitter.com/6u4sSo9CGK — iamdeadlyz.pcc.eth | YGG (@Iamdeadlyz) August 25, 2022

When targets visit the site, they’re greeted with polished animations and details about the project, along with an interactive map of the game’s environments. This content was said to be pulled from another, legitimate game, the Alchemic World project, which had issued a warning about such clones earlier. To make people believe in the project, the threat actors have even created Discord groups, social accounts, and a Medium developer site.

On the site, players are asked to download code that is presented as the “alpha” test of the project. Running it downloads one of three pieces of stealer malware to the victim’s machine from DropBox. Depending on the target, the attackers deliver one of AsyncRAT, RedLine Stealer, or Raccoon Stealer. These are sophisticated data stealers, which can also grab the victim’s cryptocurrency wallet addresses and the funds within, and some funds have already been stolen. As of writing this, the game’s Discord group is still up, while the website is down.

Infected users, meaning those who ran the code on their systems, should immediately scan for the malware and remove it if found. Since this stealer malware can grab saved passwords, cookies, and crypto wallets, you’re advised to reset all of them and create new wallets to move your cryptocurrency into.
