Not to be confused with the Pokémon Trading Card Game, the Pokémon Card Game is not a real game. It is malware disguised as a Pokémon NFT game, designed to trick unsuspecting Pokémon fans into clicking on dangerous links. The malicious Fakemon installs remote control software on infected computers, which hackers use to access users' personal data and make your PC the target of even more vicious attacks.

According to cybersecurity analysts at ASEC (opens in new tab), via bleepingcomputer (opens in new tab), hackers have created a rather convincing fake gaming website and a fake Pokémon card NFT that can be claimed and cast. They even created a marketplace. However, this fake website does not offer real Pokémon NFTs and is nothing but a headache.

Clicking the "Play on PC" button on the website downloads an installer, which instead of installing the game, embeds a tool called NetSupport Manager deep into the file. This essentially opens a backdoor to your PC.

To make matters worse, the malicious download file has an official-looking Pokémon icon and file information that can easily convince anyone who downloads the file, especially younger users. At the time of this posting, the fake Pokémon card game website is still live.

Given the popularity of Pokémon and NFT, this scam is compelling because it seems that the Pokémon NFT card game could be real. Nintendo expressed less interest in NFT and the Metaverse (opens in new tab) in a Q&A last year and has not announced an NFT game, but a good fake could fool those unfamiliar with the news.

Hackers are always trying to find creative ways to get people to click on malicious links. Whether it's a convincing pop-up ad or a strange email thread (opens in new tab) that has received a CC, play it safe and don't click on anything. Except for this link (opens in a new tab). This is perfectly safe.