Phantom users receive malware disguised as NFTs
Users risk losing passwords and funds on cryptocurrency wallets when they click on links from non-fungible tokens
11.10.2022 - 08:15
359
2 min
0
What’s new? Cybersecurity experts at BleepingComputer have warned users about a fake security update for Phantom cryptocurrency wallets on the Solana blockchain. Hackers, under the guise of a wallet update, send out non-fungible tokens (NFTs) that contain malware.
News on the BleepingComputer website
How does the hack happen? The attackers pose as members of the Phantom team and send NFTs with malware to wallet owners to steal passwords. The tokens usually have names like PHANTOMUPDATE.COM and UPDATEPHANTOM.COM.
After opening the NFT, users are notified that a new security update has been released for the Phantom wallet, which can be downloaded from the attached link. When the website is accessed, malware from GitHub is downloaded to victims’ devices which steals browser information, cookies, history, passwords, SSH keys, and other information. Solana users are advised to scan their devices with antivirus software and change their passwords.
In August, the Solana network was subjected to a hacker attack that resulted in attackers managing to withdraw millions of dollars from users’ wallets. Analysts at Watcher Guru reported the theft of more than $7 million in SOL tokens and USDC stablecoins. Solana developers later revealed that the affected addresses were created, imported, or used in Slope mobile wallet apps.
In September, the 1inch team warned about a vulnerability in the Ethereum vanity address generating tool Profanity. Thus, keys to wallets created with the service could be calculated by brute force. An anonymous developer of Profanity added that the project was “abandoned” several years ago after “fundamental security issues in the generation of private keys” were found.
Useful material?
Market
Analysts note that from 2024 to 2030, tokens worth $155 billion will be unlocked
May 17, 2024
Technologies
The new mechanism has already made it possible to calculate over tens of millions of fraudulent addresses
May 16, 2024
Incidents
The amount of damage amounted to $25 million in cryptocurrencies
May 16, 2024
Market
FTX customers will be compensated in cash, unlike Mt. Gox and Gemini customers who will receive cryptocurrencies
May 16, 2024
Technologies
It is available to crypto wallet users worldwide as an additional feature
May 15, 2024
Market
The ex-official known for his initiatives to explore the potential of blockchain in the financial system has joined the board of directors of a fintech company
May 14, 2024