Fake Solana Phantom security updates push crypto-stealing malware (October 2022)

Hackers are airdropping NFTs to Solana cryptocurrency owners. The NFTs pose as alerts for a new Phantom security update and lead to the installation of password-stealing malware and the theft of cryptocurrency wallets.
When visiting these sites from any device, the site automatically downloads a Windows batch file named Phantom Update 2022-10-08.bat from Dropbox.
Previous campaigns were downloading executables named Phantom Update 2022-10-04.exe.
MarsStealer is an information-stealing malware, launched in 2020, that steals data from all popular web browsers, two-factor authentication plugins, and multiple cryptocurrency extensions and wallets.
The goal of this campaign is likely to steal cryptocurrency wallets and passwords that would allow the threat actors to steal all crypto funds and compromise other accounts belonging to the victim.
Victims who installed the fake Phantom security update should immediately scan their computer with an antivirus program and then transfer crypto funds and assets from their existing Phantom wallet to a new one.