Beginning last week, NFTs were the focus of a targeted social engineering campaign using LinkedIn. NFTs or non-fungible-tokens allow creators to link their work to the ETH blockchain and sell the token guaranteed by the immutable ledger. The attacker used various identities to trick creators into downloading and executing a malicious screensaver file (.SCR). Redline Stealer was then installed and used to access cryptocurrency wallets—reportedly taking $176,000 worth of AXS tokens from one creator. Another creator reported telltale signs of a scam, “several issues with the threat actor’s public profile rang alarm bells, such as the low follower count, the lack of a professional LinkedIn or Linktree profile, the attacker’s desire to pay in ETH (Ether coins) with no paperwork, and the request to install a custom app,” said Jong Chan Han
Analyst Notes
Social engineering can be devastating and remains one of the most prevalent methods of compromise. There are several methods to combat the effects, but they can be ineffective when emotions are involved. It is always prudent to investigate any offers, emails, or requests to download software and it is very important to check links before opening. One of the reported hurdles this threat actor ran into was when their intended victim had Multi-Factor Authentication (MFA) set up to protect their account access, and it can’t be stressed enough how important MFA is for security. With cryptocurrency gaining popularity over the past few years. exchanges and individuals have become the target of more attacks.
https://therecord.media/nft-creators-tricked-into-installing-malware-in-highly-targeted-attack/
