Fake Solana Security Update NFTs Hide Password-Stealing Malware

Vlad CONSTANTINESCU

October 10, 2022

Solana asset owners recently received rogue NFTs masquerading as Phantom wallet security update alerts that led them to install password-stealing malware on their devices.

Threat actors launched the malicious campaign two weeks ago by airdropping “PHANTOMUPDATE.com” and “UPDATEPHANTOM.com” NFTs to several Solana wallets. Attackers tricked users into believing the NFTs were security warnings sent by Phantom developers.

Opening the NFTs displayed a warning that a new Phantom update had been released. The rogue notification urged users to update their wallets as soon as possible to avoid “loss of funds due to hackers exploiting the Solana network.”

The notification also included a couple of websites that, when accessed, triggered an automatic Windows batch (.BAT) file download from Dropbox. When launched, the file first checks for Administrator rights and, if it does not have them, displays a User Account Control (UAC) prompt asking for elevated permissions.

Granting the BAT permissions through the UAC dialog launches a PowerShell script that would eventually download another file named windll32.exe from GitHub and launch it from C:\Users\<username>\AppData\Local.

A Bleeping Computer analysis revealed that it was a strain of password-stealing malware that can extract various types of data from compromised systems, including cookies, passwords, SSH keys and browser information.
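The chain described above (a batch file, then PowerShell, then windll32.exe run from AppData\Local) leaves a recognizable trail in process-creation telemetry. The following is an added example, not code from the article or from Bitdefender, that flags it in a handful of constructed records. The record layout, the sample file names other than windll32.exe, and the "executable directly in the AppData\Local root" heuristic are assumptions.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "pid ppid image cmdline")
# Constructed process-creation records (Sysmon Event ID 1 style fields), not real telemetry.
# "update.bat", "stage.ps1", "setup.exe", "editor.exe" and user "alice" are made-up sample values.
SAMPLE_EVENTS = [
    Event(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    Event(200, 100, r"C:\Windows\System32\cmd.exe", r'cmd.exe /c "C:\Users\alice\Downloads\update.bat"'),
    Event(300, 200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe -File stage.ps1"),
    Event(400, 300, r"C:\Users\alice\AppData\Local\windll32.exe", "windll32.exe"),
    Event(500, 100, r"C:\Users\alice\AppData\Local\Programs\Editor\editor.exe", "editor.exe"),
    Event(600, 100, r"C:\Users\alice\AppData\Local\setup.exe", "setup.exe"),
]
# Heuristic (assumption): an .exe directly in AppData\Local, not inside a vendor subfolder.
LOCAL_ROOT_EXE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\[^\\]+\.exe$", re.I)
BAT_IN_CMDLINE = re.compile(r"\.bat\b", re.I)
REPORTED_NAME = "windll32.exe"  # file name given in the article

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def ancestors(event, by_pid):
    """Yield parent, grandparent, ... nearest first, stopping on unknown or repeated pids."""
    seen, cur = set(), by_pid.get(event.ppid)
    while cur and cur.pid not in seen:
        seen.add(cur.pid)
        yield cur
        cur = by_pid.get(cur.ppid)

def via_bat_powershell(event, by_pid):
    """True if a PowerShell ancestor was itself started under cmd.exe running a .bat file."""
    saw_powershell = False
    for a in ancestors(event, by_pid):
        name = basename(a.image)
        if name == "powershell.exe":
            saw_powershell = True
        elif saw_powershell and name == "cmd.exe" and BAT_IN_CMDLINE.search(a.cmdline):
            return True
    return False

def find_suspicious(events):
    """Return [(pid, [reasons])] for every process matching at least one indicator."""
    by_pid, hits = {e.pid: e for e in events}, []
    for e in events:
        reasons = ["reported-filename"] if basename(e.image) == REPORTED_NAME else []
        if LOCAL_ROOT_EXE.match(e.image):
            reasons.append("exe-in-localappdata-root")
            if via_bat_powershell(e, by_pid):
                reasons.append("bat-powershell-ancestry")
        if reasons: hits.append((e.pid, reasons))
    return hits
```

A process that matches all three reasons fits the reported chain; a match on the folder heuristic alone, like the constructed setup.exe record, is only a lead to review.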

The campaign likely focused on crypto assets such as tokens and NFTs. However, password-stealing malware can wreak more havoc than just draining crypto wallets.

People who receive suspicious NFT airdrops should refrain from interacting with them and avoid visiting websites included in the assets’ description fields. To avoid inadvertently interacting with rogue NFTs, you can burn or hide them, depending on the wallet apps’ abilities.

If you have already accessed the URLs mentioned in the phony NFTs’ description field, scan your device for malware as soon as possible. Once the malware’s removed, you can secure your assets and change potentially compromised passwords. Changing passwords while you’re still infected could send your new password to the attackers, making it a futile effort.

Specialized tools like Bitdefender Ultimate Security can protect you against password-stealing malware and other types of cyber threats with their extensive range of features:

  • 24/7 real-time data protection against viruses, worms, Trojans, zero-day exploits, ransomware, rootkits, spyware, and other e-threats
  • Behavioral detection module that scans active apps and prevents infection upon detecting suspicious activity
  • Anti-phishing system that detects and blocks suspicious websites that pose as legitimate ones to steal your data
  • Anti-fraud module that notifies you whenever you land on websites that may try to scam you
