Cybercriminals are exploiting the growth in popularity of NFTs in efforts designed to trick victims into downloading trojan malware capable of hijacking their PCs while stealing usernames and passwords.
Cybersecurity researchers at Fortinet have spotted what’s described as a “peculiar-looking Excel spreadsheet” which purports to contain information about NFTs – but the real purpose of the file is to aid the delivery of BitRAT malware.
BitRAT is a remote access trojan (RAT) that first emerged for sale in underground forums in August 2020. What makes it notable is it can bypass User Account Control (UAC), a Windows feature which helps to prevent unauthorised changes to the operating system.
The malware comes with various trojan functions, including the ability to steal login credentials from browsers and applications, the ability to log keystrokes and the ability to upload and download files. This edition of BitRAT can also monitor the screen of the victim in real-time, use their webcam and listen to audio through the microphone.
It’s not detailed how the malicious Excel file is distributed to victims, but it claims to offer information on forecasts on potential investment returns and the number NFTs available in each series. It also contains links to legitimate Discord channels on NFTs, meaning it’s likely that the intended victims are NFT enthusiasts.
SEE: A winning strategy for cybersecurity (ZDNet special report)
The Excel file contains a malicious macro, which if enabled, runs a PowerShell script that retrieves and downloads malware, before secretly running it on the compromised machine.
NFTs (non-fungible tokens) are digital tokens that use the blockchain to verify the authenticity of digital content and ownership. The hype surrounding NFT art and other collectables means that they can trade hands for millions of dollars.
When there’s hype and money involved, people quickly become interested. But cybercriminals are always looking for new trends and themes to exploit to trick victims into opening phishing emails or downloading malware – and now they’re leveraging the interest in NFTs.
In addition to collecting data and snooping on the victim, BitRAT can also install cryptojacking malware on the infected machine, enabling them to secretly use the processing power to mine for Monero cryptocurrency.
As NFTs can change hands for large amounts of money, it’s potentially the case that the cybercriminals behind this campaign are financially motivated. But even if the victim doesn’t own NFTs, the amount of personal information that can be stolen with trojan malware can be extremely valuable to the attackers – and damaging for the victim.
“Be mindful that attackers often use attractive and trendy subjects as lures. As NFTs become increasingly popular, they will be used to entice victims into opening malicious files or clicking on malicious links,” Fortinet researchers warned.
“Standard security practices such as not opening files downloaded from untrusted or suspicious sources can prevent threat actors from gaining access to users’ money and valuable data,” they added.
MORE ON CYBERSECURITY
