Crypto Fans Are So Dumb They Click .EXEs Disguised as NFTs

In a way, NFTs are even worse than we thought.

A report from cybersecurity firm Malwarebytes found that there has been a marked increase in malware campaigns aimed at the NFT community, where enthusiasts appear to be the perfect targets, not only because they are often technically naive, but also because they often have a high numerical value. active on their computers.

In other words, full crypto control over your assets sounds great in theory, but it leaves investors little recourse. It’s become an increasingly big deal in recent years, with uninformed investors, lured by the hype around Dogecoin-funded Bored Apes and Lamborghinis, putting their hard-earned life savings into digital assets they don’t want. have no way to recover if stolen.

And hackers are taking notice. Malwarebytes pointed to fake job postings, posted by hackers posing as representatives of NFT collections.

In posts on DeviantArt and Pixiv, its Japanese equivalent, the company found artists had been cold-contacted by users claiming to be from “Cyberpunk Ape Executives,” which appears to be a genuine, albeit less popular, line of NFTs. . or expensive as one of the checked lines is, well, monkey.

“Hi! We appreciate your artwork!” read messages received by users, by Malwarebytes. “Cyberpunk Ape Executives is inviting 2D artists (online/freelance) to collaborate on creating an NFT project. As a 2D artist, you will create amazing and adorable NFT characters. Your characters will become an important part of our NFT universe!

In addition to the fraudulent job offers, the messages also came with a link to a download page that prompted users to download a file containing three regular GIFs and a sneakily hidden .EXE file that Malwarebytes analysis found , steals information from unwitting users. .

Screenshot via Malwarebytes.

While these types of phishing attempts aren’t uncommon or particularly high-tech, they’re geared toward the less cybersecurity-minded — and with NFTs and other blockchain-based Web3 protocol gear attracting more and more new users, the base of these types of malware attacks is growing more and more.

As scammed users noted, their accounts began spamming others with similar recruitment messages. Again, this style of malware attack is far from uncommon, but it’s interesting to see scammers embracing NFTs as an attack vector.

Although these attacks have so far only focused on individual users, the potential for attacks against businesses and organizations is high, especially if unwitting victims gain access to malware-infected files on business computers. .

As Malwarebytes puts it, “Ape executives have a job offer you can and should turn down.”

In other words: don’t open a random file full of unsolicited random NFTs if you can help it. And, for God’s sake, set your operating system up so that you don’t accidentally run an executable thinking it’s an image file.

READ MORE: Fake Cyberpunk Ape executives target artists with malware-laden job posting [Malwarebytes].

Learn more about crypto scams: Woman Scammed for $8 Million in Crypto, Sues Exchanges

Leave a Comment

%d bloggers like this: