Scammers are targeting now Phantom users by airdropping fake non-fungible tokens (NFTs), calling on victims to upgrade their wallets with malicious software, which steals credentials, BleepingComputer reports.
Subscribe to our Telegram channel to get daily short digests about events that shape the crypto world
The report says hackers are distributing NFTs titled 'PHANTOMUPDATE.COM' or 'UPDATEPHANTOM.COM' in the form of a warning from the developers of Phantom. Once wallet owners open NFTs, they are told they need to download the latest urgent update. The fake warning states:
"Failing to do so, may result in loss of funds due to hackers exploiting the Solana network. Visit www.updatePhantom.com to get the latest security update."
When visiting the website, the website automatically downloads a batch file titled Phantom_Update_2022-10-08.bat, which launches a PowerShell and downloads a malicious file windll32.exe. Once the file is downloaded, it tries to steal browser history, cookies, passwords, SSH keys and other information.
Access more than 50 of the world's financial markets directly from your EXANTE account – including NASDAQ, London Stock Exchange and Tokyo Stock Exchange