With #P2E's popularity, threat actors are leveraging the fact that excited players are eager to jump on board and test a new game (and earn while doing so).
Here's a 🧵 about a #Redline stealer #malware delivered by a "project" that recently launched a "beta test"
2/
I came across @DheerajShah_'s thread about how he was almost hacked, and one of the commenters caught my eye.
@_Starkcrypto shared that he was compromised by a project claiming to be running a "p2e beta test".
That project is @rworldp2e (now @R_WorldP2E). After Stark called them out, the account changed its username, lol. The numeric account ID does not change with the handle, so here it is: 1467094027480625155
Unpacking the rar file yields a second, password-protected rar file plus a Readme.txt that contains the password. Putting the payload behind a password is a classic trick: mail gateways and AV scanners cannot look inside the inner archive, while the victim is told exactly how to open it.
The second rar file contains the so-called beta game. It looks convincing, as it ships with the libraries and other files a "legitimate" game would need to run.
6/
Running ReptileWorld_Launcher_Setup.exe and accepting its admin permission prompt is what kicks off the #Redline stealer #malware.
It then crawls the victim's files for browser data, which includes the browser extension storage where the MetaMask vault lives: metamask.zendesk.com/hc/en-us/artic…
7/
The stolen data is then exfiltrated to a command-and-control (C&C) server, where the threat actors sift through it and get to work. One example is draining the victim's digital assets, which is what @_Starkcrypto experienced. Note that the vault file is encrypted with the wallet password, so a weak or reused password (or one the browser had saved and the stealer grabbed alongside it) is what turns a stolen file into stolen funds.
8/
Interestingly, it is the same C&C that was used by a fake @rStellaFantasy build; Stella Fantasy is a #P2E project as well.
The Redline botnet ID for the fake Stella Fantasy build was "07.06", and "29.06" for Reptile Chronicles. Read as dd.mm dates, these are very likely the start dates of each campaign, which would put the two lures about three weeks apart on the same infrastructure.
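The pivot above (same C&C across two lures, botnet IDs that look like dd.mm start dates) is the kind of thing you want to do systematically once you have more than a couple of samples. The following is an added example, not part of the original thread: it takes records of the shape a Redline config extractor would give you (sample hash, C&C, botnet ID, the lure it was delivered with), clusters them by C&C and orders each cluster by the date encoded in the botnet tag. The hashes, the C&C addresses and the year are constructed placeholders, not indicators from the thread.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records modelled on Redline config-extractor output.
# Hashes and C&C addresses are placeholders (RFC 5737 test ranges), not real IOCs.
SAMPLES = [
    {"sha256": "aaaa0000", "lure": "Stella Fantasy (fake)",
     "c2": "198.51.100.7:12345", "botnet": "07.06"},
    {"sha256": "bbbb0000", "lure": "Reptile Chronicles (fake)",
     "c2": "198.51.100.7:12345", "botnet": "29.06"},
    {"sha256": "cccc0000", "lure": "unrelated cracked software",
     "c2": "203.0.113.9:5050", "botnet": "Build1"},
]


def parse_botnet_date(tag, year=2022):
    """Interpret a 'dd.mm' botnet tag as a date.

    Redline operators often use the build date as the botnet ID, as in the
    thread. Anything that is not two two-digit fields, or not a real calendar
    day, returns None. The year is not encoded in the tag and is an assumption
    supplied by the analyst.
    """
    parts = tag.split(".")
    if len(parts) != 2 or not all(p.isdigit() and len(p) == 2 for p in parts):
        return None
    day, month = int(parts[0]), int(parts[1])
    try:
        return date(year, month, day)
    except ValueError:  # e.g. "31.02": not a date, so not a build-date tag
        return None


def cluster_by_c2(samples):
    """Group samples by C&C. Samples sharing a C&C share an operator."""
    clusters = defaultdict(list)
    for s in samples:
        clusters[s["c2"]].append(s)
    return dict(clusters)


def campaign_timeline(samples, year=2022):
    """For each C&C, list (date, lure) pairs ordered by botnet-tag date.

    Samples whose tag is not a date keep date=None and sort last, so they are
    still attributed to the cluster but do not pollute the timeline.
    """
    timeline = {}
    for c2, group in cluster_by_c2(samples).items():
        dated = [(parse_botnet_date(s["botnet"], year), s["lure"]) for s in group]
        dated.sort(key=lambda d: (d[0] is None, d[0] or date.min))
        timeline[c2] = dated
    return timeline


def campaign_gap_days(samples, c2, year=2022):
    """Days between the first and last dated lure on one C&C (None if <2 dated)."""
    dates = [d for d, _ in campaign_timeline(samples, year).get(c2, []) if d]
    if len(dates) < 2:
        return None
    return (max(dates) - min(dates)).days


if __name__ == "__main__":
    for c2, entries in campaign_timeline(SAMPLES).items():
        print(c2)
        for d, lure in entries:
            print("  ", d.isoformat() if d else "undated", lure)
```

With real extractor output you would feed in every sample that shares the C&C, not just the two from the thread; the dated ordering then tells you which lure came first and how long the operator has been reusing the infrastructure.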
How do you protect yourself against this?
- Use a hardware wallet, and never type the wallet password on a machine that has run an unvetted "game build"
- Don't download and run shady files, especially when the only "trust" comes from excited users inside the project's own channels. Testimonials may be botted, so verify across several independent sources and ask around a lot
- If you already ran one of these, treat every password and seed phrase on that machine as compromised: move funds to a fresh wallet and rotate credentials from a clean device