Hacking campaign seeks to steal NFT tokens from thousands of digital artists

A recent hacking campaign targeting digital artists and creators of non-funible tokens (NFT) led to the theft of sensitive information and an attempted banking fraud. These attacks, detected early last week, sowed panic among the cryptocurrency and blockchain technology community.

Early reports indicate that the threat actors behind the incident employed multiple fake social media accounts to approach NFT creators with active business deals, trying to trick them into getting a malicious file downloaded and executed. This file was disguised as a Windows screensaver with a .SCR file extension.

According to cybersecurity researcher Bart Blaze mentioned that the compromised files were configured to temporarily install a sample of the Redline malware on the victims’ devices.

Blazer adds that malware is delivered without a persistence mechanism, so it is removed from the target system after it restarts or shuts down. However, the malware works at a high speed, as it requires just a few minutes to perform tasks of collecting and stealing sensitive information, including cryptocurrency addresses and related settings.

These hackers appear to have specifically targeted owners and creators of NFT, a blockchain-based system that, among other things, allows artists to link their creations to blockchain implementations and sell them as a unique digital artwork.

Between January and March 2021, profits from the sale of NFT amounted to more than $2 billion USD and, although a significant decline in these operations was detected during the last month, many experts believe that there is a real possibility that this will become a sustained market.

This volume of potential gains caught the attention of cybercriminal groups, which have already deployed multiple successful attacks against NFT owners. One of these attacks involved the loss of more than 176 thousand dollars due to an improper transfer of 40 thousand NFT tokens. Artists like 3D director Nicole Ruggiero have been victims of this recent hacking campaign.

Jong Chan Han, a photographer residing in South Korea, claims he nearly fell into the trap: “I managed to spot the scam before installing the malicious file. Something that made me doubt from the beginning was the low number of followers of the account that tried to contact me, in addition to the absence of professional profiles in its description.”

For more information on hacking incidents, cybersecurity, malware attacks and security tips, feel free to access the platforms of the International Institute of Cyber Security (IICS).