Hackers spread password-stealing malware through NFT airdrops disguised as Solana Phantom security updates
According to BleepingComputer, unknown hackers have been airdropping NFTs to Solana cryptocurrency users under the pretext of a new Phantom wallet security update. Instead of an update, however, users receive malware that steals their crypto. The hackers claim to be from the Phantom team and use NFTs titled PHANTOMUPDATE.COM or UPDATEPHANTOM.COM.
When they open the NFT, users are told that a new security update has been issued for the Phantom wallet and can be downloaded via the enclosed link or the listed website. The malefactors also exploit the urgency factor, claiming that failing to download the fake security update “may result in a loss of funds due to hackers exploiting the Solana network.”
The claim may seem credible, since a Solana-based wallet hack that took place in August saw roughly $8 million stolen from 8,000 wallets, including those of Phantom wallet users. The security exploit was later linked to vulnerabilities within the Web3 wallet service Slope.
However, if a victim follows the fake Phantom update instructions, malware downloaded from GitHub attempts to steal browser information, history, cookies, passwords, SSH keys and other information from the user.
If you have fallen prey to this scam, take security precautions: scan your computer with antivirus software, secure crypto assets and change passwords on sensitive financial and crypto platforms.