Hackers seem to be targeting Solana relentlessly. Over the past two weeks, unknown attackers have been distributing non-fungible tokens (NFTs) to Solana crypto users, disguising them as a new Phantom wallet security update. The NFTs are actually bait for malware intended to steal users' money.
According to BleepingComputer, the hackers use NFTs titled “PHANTOMUPDATE.COM” or “UPDATEPHANTOM.COM” and impersonate members of the Phantom team.
When users open the NFT, they are told that a new security update for the Phantom Wallet has been released and can be downloaded using the included link or from the named website.
The message stresses urgency, warning that skipping the fake security update “may result in loss of money due to hackers abusing the Solana network.”
Analysts think it could be linked to the Solana wallet hack
The Solana-based wallet heist in August, in which nearly $8 million was stolen from 8,000 wallets, including those belonging to Phantom wallet users, is likely what gives the lure its sense of emergency. It was later discovered that Slope, a Web3 wallet service built on Solana, had security vulnerabilities.
If a victim follows the fake Phantom update instructions, malware that attempts to steal browser data, history, cookies, passwords, SSH keys and other user information is downloaded from GitHub.
Users who may have unwittingly fallen victim to this scam are advised to take security measures such as running a virus scan on their computer, securing their cryptocurrency holdings, and changing passwords on sensitive websites like bank accounts and cryptocurrency trading platforms.
According to VirusTotal, the windll32.exe program is password-stealing malware that attempts to collect browser data, including history, cookies, and passwords, as well as SSH keys and other details.
Earlier campaigns delivered a program named lib64.exe [VirusTotal], which was identified as MarsStealer, although it is unclear which password-stealing malware is currently being spread.
MarsStealer, a data-stealing malware first released in 2020, harvests data from many crypto extensions and wallets and from all commonly used web browsers.
The purpose of this campaign is presumably to harvest crypto wallets and passwords so the hackers can steal all bitcoin funds and gain access to the victim's other accounts.