Hackers Make Fake Cthulhu Website to Distribute Malware

Fake Cthulhu website spreads malware 

Threat actors have made a fake 'Cthulhu World ' play-to-earn community, this includes websites, social accounts, a medium developer site, and Discord groups to spread the Raccoon stealer, AsyncRAT, and Redline password stealing malware on innocent targets.

As play-to-earn communities have risen in popularity, threat actors and scammers constantly attack these new platforms for suspicious activities. 

The same applies to a new malware distribution campaign found by cybersecurity expert "iamdeadlyz", where hackers made an entire project to advertise a fake play-to-earn game known as Cthulhu World.

Hackers promote the fake project 

To publicize the 'project,' hackers send direct messages to users on Twitter asking if they wish to perform a test of their new game. In return of testing and promoting the game, the hackers promise of rewarding in Ethereum. 

When a user visits cthulhu-world.com site (currently down), users are welcomed with a well designed website, it includes information about the project and an interactive map of the game's environment.

But, it is a fake site which is a copy of the original Alchemic World Project, which has warned its users to stay aware of the fake project. Someone made a fake account for our project, and copied the website, and all social media.

Experts say to "stay away"

"STAY AWAY this account and don't follow them. All their assets were stolen from our project," Tweeted Alchemic World. 

The Cthulhu World website is also different in some ways, for instance, when a user clicks the upper right-hand corner arrow on the website, the site brings them to a webpage requesting a "code" to download the "alpha" test of the project.

The hackers then distribute these codes to potential victims as a part of their DM conversations on Twitter. The access code list can be found on the site's source code. 

3 downloaded files contain the malware 

On the basis of the code entered, one of the three files is downloaded from the DropBox. All of these three files will install different malware, which allows the threat actor to pick and choose how they want to attack a particular victim. 

The three malware found by AnyRun installs are Raccoon Stealer, AsyncRAT, and RedLine Stealer.

"As RedLine Stealer and Raccoon Stealer are known to steal cryptocurrency wallets, it is not surprising to find that some victims have already had their wallets cleaned out by this scam," says Bleeping Computer.

 

The Cthulhu World Website is currently shut down, but their Discord is up and running. It isn't clear if users on this Discord are aware that a website is sharing malware, however, few users have full faith that it is a genuine project.

How to protect yourself?

If you visited Cthulhu-world.com and installed any of their softwares, the user should immediately remove any items found and run an antivirus scan on the system right away.

You should also note that these malware infections can steal your cookies, crypto wallets, and saved passwords, you should reset all passwords and make a new wallet to import all the cryptocurrency.

The best way to protect yourself is to reinstall your system from scratch, as these malware infections give full access to an infected computer, and other suspicious malware can be installed.