Hackers are spreading password-stealing malware via NFT releases purporting to be Solana Phantom security updates.
During the last two weeks, Unknown hackers have been sending non-fungible tokens (NFTs) to Solana cryptocurrency users, posing as a new Phantom wallet security update. However, instead of an update, it is malware designed to steal your cryptocurrencies..
According to BleepingComputer, hackers claim to be from the Phantom team and use NFTs titled PHANTOMUPDATE.COM or UPDATEPHANTOM.COM.
After opening the NFT, users are informed that a new security update for the Phantom wallet has been issued and can be downloaded using the attached link or the indicated website.
To add urgency, the message claims that failure to download the fake security update “may result in loss of funds due to hackers exploiting the Solana network”.
The urgent piece is likely related to the Solana-based wallet hack, which saw some $8 million stolen from 8,000 wallets in August, including those of Phantom wallet users.. The security flaw was later linked to vulnerabilities in the Solana-based Web3 wallet service, Slope.
If a victim follows the instructions in the fake Phantom update, the process ends with a malware download from GitHub that attempts to steal browser informationhistory, cookies, passwords, SSH keys, and other user information.
Users who may have inadvertently fallen for this scam are advised to take security precautionssuch as scanning your computer with antivirus software, securing your crypto assets, and changing passwords for sensitive platforms like bank accounts and cryptocurrency trading platforms.
In the past, similar malware-spreading campaigns have employed malware dubbed Mars Stealer to steal crypto from unsuspecting users..
An update to the 2019 Oski trojan that steals information, Mars Stealer targets over 40 browser-based cryptocurrency wallets, along with popular two-factor authentication (2FA) extensions, with a grab feature that steals users’ private keys.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
- PayPal says policy of punishing users for posting misinformation was ‘a mistake’
- Maggie Wu was presented at Blockchain Land Nuevo León 2022
- Sustainable Blockchain Summit 2022 will be held in the city of Bogotá, in Colombia
- There are now over 5,000 Bitcoin ATMs worldwide
- Business Insider: Goldman Sachs Drops Plans to Open Crypto Trading Hub
- Crypto Fund Bets $1 Million It Will Outperform S&P 500 in ‘Buffett Bet 2.0’
- Ethereum zkSync Scaling Protocol Layer 3 Prototype To Be Tested In 2023