Hackers seem to be forever targeting Solana. Unknown hackers have been distributing nonfungible tokens (NFTs) to Solana crypto users over the past two weeks while disguising them as a new Phantom wallet security update. However, the NFTs are actually malware that is intended to steal the users’ money.
As per BleepingComputer, the hackers are utilizing NFTS called “PHANTOMUPDATE.COM” or “UPDATEPHANTOM.COM” and are posing as members of the Phantom team.
Users are informed when they open the NFT that a new security update for the Phantom wallet has been released and can be downloaded using the included link or the mentioned website.
The mail emphasizes urgency by warning that skipping the phony security update “may result in a loss of cash owing to hackers abusing the Solana network.”
Analysts believe it might be related to the Solana wallet hack
The Solana-based wallet heist, which resulted in the theft of almost $8 million from 8,000 wallets in August, such as those belonging to Phantom wallet users, is probably what prompted the urgency element. Later, it was discovered that Slope, a Web3 wallet service built in Solana, had security flaws.
If a victim follows the bogus Phantom update instructions, malware that attempts to steal the user’s browser data, history, cookies, passwords, SSH keys, and other information is downloaded from GitHub.
It is advised that users who may have unintentionally fallen victim to this fraud take security steps such as running an antivirus check on their computer, protecting their cryptocurrency holdings, and changing the passwords on sensitive websites like bank accounts and cryptocurrency trading platforms.
The windll32.exe program, according to VirusTotal, is a password-stealing virus that tries to collect browser data, including history, cookies, and passwords, as well as SSH keys and other details.
Earlier efforts sent a program with the name lib64.exe [VirusTotal], which was known to be MarsStealer, even though the particular password-stealing malware that is now propagating is unclear.
A data-stealing malware software called MarsStealer, which was first released in 2020, steals data from many crypto extensions and wallets and all commonly used web browsers.
The aim of this effort is presumably to acquire crypto wallets and passwords so that threat actors may steal all bitcoin funds and access the victim’s other accounts.