Hackers have created a fictitious 'Cthulhu World' Play-to-Earn (P2E) community to infect unsuspecting victims with the Raccoon Stealer, AsyncRAT, and RedLine malware. A cybersecurity researcher discovered the latest malware distribution campaign and notified users through Twitter.
 

The P2E scam

The phony community of Cthulhu World has websites, Discord groups, social media accounts, and a Medium developer site.
  • Threat actors are contacting Twitter users directly to entice them to take part in a test of their brand-new game. 
  • In exchange for testing and promoting the game, they promise to pay users in Ethereum.
  • The fake website welcomes users with information about the project and an interactive map of the game's environments.
  • In reality, the website is a clone of the legitimate Alchemic World project, which has been cautioning users against the fake site.
 

How does it work?

  • When a user clicks the arrow in the upper right-hand corner of the site, they are taken to a page that requests a code to download the project's alpha test.
  • These codes are shared by threat actors with potential victims via Twitter direct messages. The access codes are also listed in the site's source code.
  • Depending on the code entered, one of three files, each containing different malware, is downloaded from Dropbox.
  • The three files can install AsyncRAT, RedLine Stealer, and Raccoon Stealer, depending upon how the threat actors want to target specific individuals.
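
The delivery chain above (lure-site visit, then a download from Dropbox) can be hunted for in web proxy logs. The following is an added example, not part of the original article: the log format, the 30-minute window, the Dropbox hostnames and all sample lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Lure domain as the page writes it (defanged); refanged only for matching.
LURE_DOMAIN = "Cthulhu-world[.]com".replace("[.]", ".").lower()
# Assumption: hostnames under which Dropbox downloads appear in your proxy logs.
DROPBOX_DOMAINS = ("dropbox.com", "dropboxusercontent.com")
WINDOW = timedelta(minutes=30)  # assumed correlation window

def host_matches(host, domain):
    """True for the domain or a subdomain, not for look-alike suffixes."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def parse(line):
    """Parse 'timestamp client method host path' (constructed log format)."""
    parts = line.split(maxsplit=4)
    if len(parts) != 5:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[3], parts[4]
    except ValueError:
        return None

def find_lure_then_dropbox(lines, window=WINDOW):
    """Clients that requested Dropbox within `window` after a lure-site visit."""
    last_lure, hits = {}, []
    for ts, client, host, _path in sorted(filter(None, map(parse, lines))):
        if host_matches(host, LURE_DOMAIN):
            last_lure[client] = ts
        elif any(host_matches(host, d) for d in DROPBOX_DOMAINS):
            seen = last_lure.get(client)
            if seen is not None and ts - seen <= window:
                hits.append((client, seen, ts, host))
    return hits

# Constructed sample log lines (addresses, times and paths are made up).
SAMPLE_LOG = [
    f"2000-01-01T10:00:00 10.0.0.5 GET {LURE_DOMAIN} /",
    "2000-01-01T10:03:10 10.0.0.5 GET dl.dropboxusercontent.com /s/PLACEHOLDER/a",
    "2000-01-01T10:05:00 10.0.0.9 GET www.dropbox.com /s/PLACEHOLDER/b",
    f"2000-01-01T11:00:00 10.0.0.7 GET www.{LURE_DOMAIN} /",
    "2000-01-01T12:30:00 10.0.0.7 GET www.dropbox.com /s/PLACEHOLDER/c",
    "truncated line",
]

if __name__ == "__main__":
    for client, seen, ts, host in find_lure_then_dropbox(SAMPLE_LOG):
        print(f"{client}: lure visit {seen}, then {host} at {ts}")
```

A hit only means a host followed the same sequence as the campaign; it still needs endpoint triage to confirm whether anything was executed.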

Conclusion

P2E games continue to gain popularity, and fake communities like this one can deceive many users. Anyone who has visited Cthulhu-world[.]com and downloaded any of its software should run an antivirus scan on their computer right away. Affected users are strongly advised to change all passwords and create new wallets.
Cyware Publisher
