Of course, hackers know how to trick users. When they start a new hack campaign, they look for something that users really crave, something to attract attention and increase the chances that the victim will take the bait. Pokémon is a phenomenon that moves masses. And if we also promise a new game, with the possibility of earning a lot of money with it, the number of interested users skyrockets. However, it is not really a Pokémon game for PC, but a dangerous virus.
A new NFT-based Pokémon card game has been gaining popularity for several weeks now. Like many other NFT games, users who play the most are rewarded because, thus, they can get better cards that, when sold in the internal market, receive tokens that can later be exchanged for cryptocurrencies. It is not a new system, since there are several games like this that allow you to earn a lot of money per month if you dedicate time to them. However, this Pokemon game is not one of them.
The game hides a remote control Trojan
Under the name of “Card Pokemon Game”, this game is deceiving users by offering what many want and have been looking for for a long time (a new Pokémon card game for PC), with the addition of NFTs so that they can buy and sell your cards and make money in the process. The game’s website is still online, although the download has been removed from the servers, probably to change the Trojan and make it undetectable again.
Hackers got the web up and running in December 2022, although as we can see on VirusTotal, hackers already probed VirusTotal with the malware several months earlier to see if it was detected or missed by antivirus software.
When the victim downloads the installer and installs the fake game on the PC, instead of having the game in question, what they have done is install a remote control Trojan. With it, hackers can remotely connect to the PC, access all the data and control it.
Therefore, if you have made the mistake of downloading and installing this fake game, we will quickly explain how to remove it.
How to remove the fake Pokemon game trojan
The Trojan in question is nothing more than a modified version of NetSupport, a legitimate and reliable program similar to TeamViewer. What the pirates have done has been to create a portable version of it, with a standard configuration so that, when it is run, the PC appears directly in its client and can be connected to it. The executable, and the configuration, are inside a folder created in %APPDATA%. To remove it, the first thing we will have to do is show hidden files in our explorer.
Then, within the aforementioned directory, we must look for the hidden folder that the installer has created, within which we will have to find an executable, called “client32.exe”, as well as a series of files and libraries necessary for it to work.
We select everything, and we eliminate it from the PC. Since no signs of persistence have been detected, after restarting the PC our computer will be safe again. All we have to do is remove the fake Pokémon NFT game installer and, incidentally, change our passwords just in case the hackers have managed to remotely connect to the PC.
