Security News > 2022 > October > Solana Phantom security update NFTs push password-stealing malware
Hackers are airdropping NFTs to Solana cryptocurrency owners pretending to be alerts for a new Phantom security update that lead to the installation of password-stealing malware and the theft of cryptocurrency wallets.
When opening the NFTs, wallet owners are told that a new security update has been released and that they should click the enclosed link or visit the site to download and install it.
When visiting these sites from any device, the site automatically downloads a Windows batch file named Phantom Update 2022-10-08.bat [VirusTotal] from DropBox.
Previous campaigns were downloading executables named Phantom Update 2022-10-04.exe.
Victims who installed the fake Phantom security update should immediately scan their computer with an antivirus program and then transfer crypto funds and assets from their existing Phantom wallet to a new one.
Ultimately, victims should change their password to a unique one for every site they visit to prevent credential leaks at one site from affecting other sites.