NFTs have vindicated their artistic potential, positioning themselves as an art alternative highly appreciated by collectors and cybercriminals.
What are NFTs
Non-Fungible Tokens (NFT) entered the popular lexicon in 2021. It is a digital, non-exchangeable token that uses blockchain to verify the authenticity of digital content and its ownership, represented in different disciplines such as art, music , collectibles and video game items.
The first big NFT buzz came in March 2021, when the digital artwork “Everydays – The First 5000 Days”, created by digital artist “Beeple”, was auctioned off and sold for a record $69 million. Dollars. That same month, the NFT for the first tweet posted by then-Twitter CEO Jack Dorsey sold for $2.9 million. NFTs even breathed new life into a popular internet meme from 10 years ago, “Nyan Cat,” when the original creator remastered the GIF and sold it as NFTs for 10 Ethereum ($590,000).
As is often the case in different spheres, the exclusive possession of unique assets tends to trigger the desire for ownership -and the price-. And cybercriminals are no strangers to it and are trying to exploit this activity.
Beware of NFT theft!
One of the methods that cybercriminals are using the most to steal NFTs is the use of malware. Research labs FortiGuard Labs recently found a peculiar-looking Excel spreadsheet that apparently included NFT-related information, but actually downloaded and installed BitRAT malware in the background.
Some clues to be able to identify this type of file: it is in XLMS format, it is called “NFT_Items.xlsm” and it has two workbooks, one of which is written in Hebrew. The XLSM contains a malicious macro, which the user is prompted to activate when opening the file. Once opened the macro is enabled and a batch file is downloaded. This is followed by a succession of downloads of other files.
One of the methods that cybercriminals are using the most to steal NFTs is the use of malware
FortiGuard Labs analysis determined that behind all these downloads was BitRAT, a remote access Trojan (RAT) that was first sold on a hacking forum in August 2020.
The malware bypasses the usual security systems of the PC
Another finding made by Fortinet experts is that BitRAT can bypass User Account Control (UAC) – a Windows security feature first introduced in Windows Vista that helps prevent unauthorized changes to the operating system. and Windows Defender – an antimalware component of Microsoft Windows, first released with Windows XP. They also discovered that this variant can monitor the screen and, if it exists, use the webcam.
Other actions carried out by BitRAT on the machine are:
Theft of credentials from browsers and applications installed on the compromised machine
Monero cryptocurrency mining
Keystroke logging
Upload and download of additional files on the compromised machine
Listen live through a microphone
In an attempt to hide the stolen information, this BitRAT variant stores the collected data (keystrokes, clipboard data, etc.) in an Alternate Data Stream (ADS) file. In FortiGuard’s analysis, the Trojan was also found to connect to a server of FranTech Solutions, a hosting provider known as a bulletproof hosting service provider that hosts both legal and illegal content.
Tips to avoid it
Taking into account that NFT is a booming phenomenon and that it attracts more and more investors, the threats will increase and, therefore, it will be necessary to take extreme precautions with measures as simple as:
Do not open files or click on unknown or strange links
· Do not open files downloaded from unreliable or suspicious sources, they can prevent cybercriminals from accessing users’ money and valuable data.
George is Digismak’s reported cum editor with 13 years of experience in Journalism