A phishing site impersonating the newly launched Pudgy World browser game targets crypto users with sophisticated wallet credential theft. The fake domain reproduces the official game's branding and uses a cloned WalletConnect modal to present convincing unlock screen overlays for 11 different wallets including MetaMask, Trezor, and Phantom. For hardware wallet users, it triggers a WebUSB API call to mimic a genuine Trezor handshake, potentially leading victims to enter their seed phrase. The page also employs anti-analysis techniques: obfuscated JavaScript checks for automated browsers and virtual machines before loading the malicious payload, and discards server responses under 500 KB to evade security scanners. The campaign was timed to coincide with Pudgy World's March 10, 2026 launch, exploiting new users unfamiliar with Web3 wallet flows. Key defense: a website can never display your real browser extension unlock screen inside the page content.