Hackers are disseminating malware that steals passwords using NFT airdrops that appear to be Solana wallet Phantom security updates.
Anonymous hackers have been airdropping non-fungible tokens (NFTs) to Solana crypto users for the past two weeks while disguising their actions as a new Phantom wallet security update. However, it’s malware intended to steal their cryptocurrency, not an update.
As per BleepingComputer, the hackers are utilizing NFTS called PHANTOMUPDATE.COM or UPDATEPHANTOM.COM and are pretending to be members of the Phantom team.
Users are informed when they open the NFT that a new security update for the Phantom wallet has been released and can be downloaded using the included link or the mentioned website.
The message emphasizes urgency by saying that skipping the fake security update “may result in a loss of funds due to hackers exploiting the Solana network.”
The Solana wallet attack, which resulted in the theft of almost $8 million from 8,000 wallets in August, including those belonging to Phantom wallet users, is probably what prompted the urgency factor. Later, it was discovered that Slope, a Web3 wallet service built in Solana, had security flaws.
If a victim follows the false Phantom update instructions, malware that attempts to steal the user’s browser data, history, cookies, passwords, SSH keys, and other information is downloaded from GitHub.
It is advised that users who may have unknowingly fell victim to this fraud take security steps like running an antivirus check on their computer, protecting their cryptocurrency holdings, and resetting the passwords on sensitive websites like bank accounts and cryptocurrency trading platforms.
Similar virus-spreading schemes have in the past used software known as Mars Stealer to steal cryptocurrency from unwary victims.
An updated version of the 2019 data-stealing Oski trojan, Mars Stealer uses a grabber feature to steal users’ private keys and targets over 40 browser-based crypto wallets and well-known two-factor authentication (2FA) extensions.