Fake Solana Phantom security updates push crypto-stealing malware (Security News, October 2022)
Hackers are airdropping NFTs to Solana cryptocurrency owners that pose as alerts for a new Phantom security update and lead to the installation of password-stealing malware and the theft of cryptocurrency wallets.
When these sites are visited from any device, they automatically download a Windows batch file named Phantom Update 2022-10-08.bat from Dropbox.
Previous campaigns were downloading executables named Phantom Update 2022-10-04.exe.
MarsStealer is information-stealing malware launched in 2020 that steals data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets.
The goal of this campaign is likely to steal cryptocurrency wallets and passwords that would allow the threat actors to steal all crypto funds and compromise other accounts belonging to the victim.
Victims who installed the fake Phantom security update should immediately scan their computer with an antivirus program and then transfer crypto funds and assets from their existing Phantom wallet to a new one.