Threat actors have created a clone of the legitimate play-to-earn (P2E) game known as Alchemic World with the intention to distribute AsyncRAT, Raccoon Stealer, and RedLine Stealer onto the hosts of their victims. The clone, dubbed Cthulhu World, had a fake ecosystem that it used to lure in victims. This ecosystem featured Discord groups, social media accounts, a Medium developer site, and posts from fake community members on other websites. The attackers would also send direct messages to users on Twitter with the intention of getting potential victims to test their new game. Access codes would then be provided to potential victims, allowing the attacker to choose which specific malware the user would download. The website for Cthulhu World has been taken down. The malware that was downloaded allows for remote access, stealing of saved passwords, cookies, and crypto wallets, among other actions. Users have posted publicly of having their cryptocurrency wallets drained as a part of this campaign.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in