Phantom users receive malware disguised as NFTs

Users risk losing passwords and funds on cryptocurrency wallets when they click on links from non-fungible tokens

11.10.2022 - 08:15

342

2 min

What’s new? Cybersecurity experts at BleepingComputer have warned users about a fake security update for Phantom cryptocurrency wallets on the Solana blockchain. Hackers, under the guise of a wallet update, send out non-fungible tokens (NFTs) that contain malware.

News on the BleepingComputer website

How does the hack happen? The attackers pose as members of the Phantom team and send NFTs with malware to wallet owners to steal passwords. The tokens usually have names like PHANTOMUPDATE.COM and UPDATEPHANTOM.COM.

After opening the NFT, users are notified that a new security update has been released for the Phantom wallet, which can be downloaded from the attached link. When the website is accessed, malware from GitHub is downloaded to victims’ devices which steals browser information, cookies, history, passwords, SSH keys, and other information. Solana users are advised to scan their devices with antivirus software and change their passwords.

In August, the Solana network was subjected to a hacker attack that resulted in attackers managing to withdraw millions of dollars from users’ wallets. Analysts at Watcher Guru reported the theft of more than $7 million in SOL tokens and USDC stablecoins. Solana developers later revealed that the affected addresses were created, imported, or used in Slope mobile wallet apps.

In September, the 1inch team warned about a vulnerability in the Ethereum vanity address generating tool Profanity. Thus, keys to wallets created with the service could be calculated by brute force. An anonymous developer of Profanity added that the project was “abandoned” several years ago after “fundamental security issues in the generation of private keys” were found.

Author: