Threat Watch

Cthulhu World – The Fake P2E Used to Distribute Malware

Threat actors built a clone of the legitimate play-to-earn (P2E) game Alchemic World in order to push AsyncRAT, Raccoon Stealer, and RedLine Stealer onto victims' hosts. The clone, dubbed Cthulhu World, was backed by a fabricated ecosystem designed to lure victims: Discord groups, social media accounts, a Medium developer site, and posts from fake community members on other websites. The attackers also sent direct messages to users on Twitter inviting them to test the new game. Each invitee was given an access code, and the code determined which of the three malware families that person downloaded, letting the attackers pick the payload per victim. The Cthulhu World website has since been taken down. The delivered malware provides remote access and steals saved browser passwords, cookies, and cryptocurrency wallets, among other capabilities. Users have publicly reported having their cryptocurrency wallets drained as a result of this campaign.

ANALYST NOTES

As phishing awareness programs become more common in companies, threat actors are forced to adopt more elaborate social engineering to remain effective. Rather than spoofing a single site, person, or program, the attackers behind this campaign spoofed an entire ecosystem. Encountering a whole community, with developer posts, Discord activity, and apparent user testimonials, rather than a single suspicious link or file, lent the campaign enough credibility that many people downloaded the malware. The practical lesson is that an active-looking community is not evidence of legitimacy: social accounts, Discord servers, and blog posts are cheap to create and populate, so a project should be verified through independent channels (for example, the original project's official site or known community) before any download is run, and the per-user access code here also means that two testers can receive different binaries from the same "game".

https://www.bleepingcomputer.com/news/security/fake-cthulhu-world-p2e-project-used-to-push-info-stealing-malware/