Hackers have created a fake “Cthulhu World” project to spread info-stealing malware
As play-to-earn games gain in popularity, scammers and threat actors are increasingly using these platforms for malicious purposes. To infect gullible people with the password-stealing malware Raccoon Stealer, AsyncRAT, and RedLine, hackers have created a fake “Cthulhu World” play-to-earn community, complete with websites, Discord groups, social media profiles, and a Medium developer site.
This was the case with a recent malware distribution campaign, discovered by cybersecurity researcher iamdeadlyz, in which threat actors created a full project to promote a fictional play-to-earn game called Cthulhu World. To advertise the “project,” the threat actors contact Twitter users directly and entice them to take part in a test of the new game. Iamdeadlyz claims that the threat actors promise to pay these users in Ethereum in exchange for testing and promoting the game.
When users arrive at the now-defunct Cthulhu-world.com website, they are greeted by a well-designed website with information on the project and an interactive map of the game’s environs.
The website for Cthulhu World also differs noticeably; when a user clicks on the arrow in the top-right corner of the page, they are directed to a page that asks for a code to download the project’s “alpha” test.
Depending on the code entered, one of three files will be downloaded from Dropbox. Each of the three files installs a different kind of malware, apparently allowing the threat actors to pick and choose which individuals to target. The three pieces of malware found through AnyRun analysis of the installers are AsyncRAT, RedLine Stealer, and Raccoon Stealer.
The website for Cthulhu World is no longer available, but the Discord server is still up and running. Although it’s unclear whether anyone using this Discord is aware that the website was disseminating malware, some users clearly think this is a real project.
If you went to Cthulhu-world.com and downloaded any of their software, you should run an antivirus scan on your computer right away and remove any items it discovers.