Cybercriminals are using the rise in popularity of NFTs to dupe users into installing trojan malware capable of hijacking their computers and collecting usernames and passwords. Fortinet cybersecurity researchers have discovered a “peculiar-looking Excel spreadsheet” that pretends to give information on NFTs but is used to transmit BitRAT malware.
BitRAT is a remote access trojan (RAT) that first appeared on underground forums in August 2020 for sale. It’s renowned for its ability to circumvent User Account Control (UAC), a Windows feature that prevents unauthorized changes to the operating system. The malware has various trojan features, such as the capacity to steal login credentials from websites and apps, log keystrokes, and upload and download files. BitRAT can additionally watch the victim’s screen in real-time, access their webcam, and listen to audio through the microphone in this version.
The malicious Excel file’s distribution method isn’t specified, but it purports to provide information on prospective investment returns and the quantity of NFTs accessible in each series. It also has links to actual NFT Discord communities, implying that the targeted victims are most likely NFT fans. If enabled, a malicious macro in the Excel file executes a PowerShell script that fetches and downloads malware before silently launching it on the affected PC.
NFTs (non-fungible tokens) are digital tokens that employ blockchain technology to authenticate the validity and ownership of digital information. Because of the frenzy around NFT paintings and other collectibles, they may sell for millions of dollars. People become engaged immediately when a lot of buzz and money is involved. On the other hand, cybercriminals are always on the lookout for new trends and themes to exploit in order to fool victims into opening phishing emails or installing malware. They’re taking advantage of the interest in NFTs right now.
In addition to gathering data and spying on the victim, BitRAT can install cryptojacking malware on the infected system, allowing them to discreetly exploit the processing power to mine for Monero cryptocurrency. Because NFTs may be traded for enormous sums of money, the cybercriminals behind this effort may be profit-driven. Even if the victim does not possess NFTs, the quantity of personal information that trojan software may steal can be extremely valuable to the attackers – and highly harmful to the victim.
“Be mindful that attackers often use attractive and trendy subjects as lures. As NFTs become increasingly popular, they will be used to entice victims into opening malicious files or clicking on malicious links,” warned the Fortinet researchers. “Standard security practices such as not opening files downloaded from untrusted or suspicious sources can prevent threat actors from gaining access to users’ money and valuable data,” they added.
