A recent malware campaign targeting online artists interested in profitable non-fungible token (NFT) projects is a good sign of how threat actors are leveraging the snowballing interest in these digital products to ride the NFT wave.
The campaign observed by Malwarebytes researchers included messages claiming to be from the Cyberpunk Ape Executives NFT project. These were sent to digital art creators on online platforms such as DeviantArt and Pixiv, inviting recipients to work with the people behind the Cyberpunk Ape project to create new NFT characters. The messages also promised $350 per day as compensation.
A link in the message offered the recipient more information about the project. A user who clicked on it was sent to a site that downloaded multiple images of apes, presented as examples of NFTs from the project. One of the "images" was an executable file that, when opened, installed an information stealer on the user's system.
According to Malwarebytes, several account owners on platforms such as Pixiv and DeviantArt have complained that their accounts are being used to send spam to others, with messages about the same Cyberpunk Ape Executives NFT project. Malwarebytes said it couldn't determine whether the information stealer itself was responsible for the account hijacking or whether other forms of phishing were involved.
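A defensive check for the lure described above, where one file in a batch of downloaded "images" is really an executable. This is an added example, not code from Malwarebytes or the original article; the page does not give the malicious file's name or type, so the file names and byte strings below are constructed.

```python
import struct
from pathlib import Path
from typing import Optional

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".webp"}
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")

def content_kind(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # Offset 0x3C of the DOS header points at the "PE\0\0" signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe-executable"
    if data[:4] == b"\x7fELF":
        return "elf-executable"
    if data.startswith(IMAGE_MAGIC) or (data[:4] == b"RIFF" and data[8:12] == b"WEBP"):
        return "image"
    return "unknown"

def audit(name: str, data: bytes) -> Optional[str]:
    """Return a reason when a download that poses as an image is not one."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    poses_as_image = any(s in IMAGE_EXTS for s in suffixes)
    kind = content_kind(data)
    if kind.endswith("executable"):
        return f"{name}: {kind}" + (" behind an image-style name" if poses_as_image else "")
    if poses_as_image and suffixes[-1] not in IMAGE_EXTS:
        return f"{name}: image extension is not the final extension"
    if poses_as_image and kind != "image":
        return f"{name}: image extension but content is {kind}"
    return None

# Constructed sample data: a minimal DOS/PE header stub and two image headers.
SAMPLE_PE = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLES = {
    "ape_01.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "ape_02.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "ape_03.png": SAMPLE_PE,       # executable content, image name
    "ape_04.jpg.exe": SAMPLE_PE,   # double extension
}

def audit_downloads(files: dict) -> list:
    """Audit a {name: bytes} mapping and return all findings."""
    return [r for n, d in files.items() if (r := audit(n, d))]

if __name__ == "__main__":
    print("\n".join(audit_downloads(SAMPLES)))
```

To audit a real download folder, pass `{p.name: p.read_bytes() for p in folder.iterdir() if p.is_file()}` to `audit_downloads`.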
NFT-related cybercrime: a rapidly expanding threat
According to security researchers, this campaign is one of the fastest growing NFT-centric attacks. Chris Boyd, head malware intelligence analyst at Malwarebytes, says most of them, at least for now, target people who work directly in NFT spaces. “But as more mainstream companies adopt NFT projects or try to get involved in blockchain, it will soon become a concern across the more traditional industry,” he predicts.
Analyst companies such as Gartner and Forrester have already predicted a world where NFTs will play a key role in corporate strategy over the next few years. In its 2021 hype cycle for emerging technologies, Gartner describes NFTs as one of the technologies with the greatest potential impact on business and society over the next decade. Analyst firms expect NFTs to play a fundamental role in the new metaverse, where organizations seek to provide better engagement, collaboration, and connectivity with employees and others through immersive virtual workplaces.
Forrester also points to organizations such as the insurance company State Farm, which is jumping into the NFT space for football-themed treasure hunts, as an example of a rapidly growing company experimenting with non-fungible tokens.
Earlier this year, the Harvard Business Review described early corporate efforts on NFTs as focused on launching unique digital collections, such as Campbell’s Soup Can Art. HBR predicts that over the next few years, NFTs could become the “central digital touchpoint” between businesses and their customers.
Various attacks
According to Boyd, Malwarebytes researchers observe various NFT and cryptocurrency threats daily.
“The most common attacks try to trick crypto enthusiasts into passing over their wallet’s recovery phrase,” he says. Defrauded users often permanently lose access to their funds, he says. “Fake airdrops, which are fake promotional gifts, are also common, requesting recovery phrases and connecting victims to malicious airdrop sites.” Many fake airdrop sites claim to be a copy of a real NFT project, he says, and with so many small, little-known projects around, it is often difficult to determine authenticity.
Oded Vanunu, Head of Product Vulnerability at Check Point Software, says the NFT-centric attacks his company has observed focus on exploiting weaknesses in NFT markets and applications.
“We need to understand that every NFT or crypto market uses the Web3 protocol,” says Vanunu, referring to the idea of a new Internet based on blockchain technology. He states that attackers are trying to find new ways to exploit vulnerabilities in applications connected to distributed networks such as blockchain.
Over the past few months, Check Point Research has observed attacks that attempt to trick users into providing access to NFT platforms or wallets, as well as attacks that target vulnerabilities in the NFT marketplace to access NFTs belonging to digital artists.
Check Point has also observed attacks involving the use of malicious NFTs to exploit platform vulnerabilities, Vanunu says. He says organizations holding NFT or crypto assets need to be aware of these threats. Enterprise users who access NFT marketplaces using company-issued devices can also put their organization at risk, he says.
The rise in NFT-centric fraud shows how attackers are using new and relatively unfamiliar attacks against victims, says Hank Schless, senior manager of security solutions at Lookout. He says many people buy NFTs with cryptocurrencies without a complete understanding of the underlying mechanism. For example, “people who are new to NFTs may not know how to verify that the digital assets they are looking at are genuine,” he says.
Attackers can take advantage of this lack of knowledge, for example, to trick people into bidding on fake NFTs. This can be especially problematic for more expensive NFTs, where the main bidder or buyer may offer fractional ownership of the NFT to a large group of buyers.
“These group purchases are typically coordinated through social media platforms such as Twitter, Reddit, and Discord, giving attackers access to a large number of potential victims,” says Schless. While most NFT scams continue to focus on consumers, he says attackers could easily use NFT lures to deliver malware to corporate devices and access corporate data.
Vanunu of Check Point says it’s time for organizations to raise user awareness of NFT-centric threats. Organizations using NFT platforms or crypto wallets must use multi-factor authentication to access them. He also recommends using two wallets: one cold (or offline) wallet to hold all digital assets, and another dedicated to small trades.
That way, “if abused, hackers won’t be able to hijack too much,” he says.