Analysis: Cybercriminals are going after NFT creators
Non-fungible tokens (NFTs) are surely the hottest crypto asset class. In 2021, buyers spent over $40 billion buying NFTs, crypto investigations company Chainalysis projects NFT sales to easily blow past that number this year, considering the fact that people have already spent over $37 billion buying NFTs as of May 1, 2022.
“NFTs have been one of the most dynamic and prominent parts of Web3 over the last two years,” noted Ethan McMahon, Economist at Chainalysis in a press release shared with Economy Middle East.
“To a large extent, the current excitement around NFTs stems from their utilization in buying and trading digital art. But the potential of this technology is far greater as it can be used to not only give the holder ownership over the digital data, or media associated with the token, but also real-world assets.”
Government agencies around the world have been keeping a close eye on the booming crypto economy. But they aren’t the only ones.
According to a recent report by cybersecurity firm Malwarebytes, there’s been a noticeable increase in malware campaigns targeting the NFT community. The lure of high-value digital assets in the hands of individuals, many of whom lack proper cybersecurity hygiene, is too hard to resist.
In their latest report Malwarebytes shares details of an “increasingly bizarre internet scam, which contains malware, stolen accounts, a faint possibility of phishing, and zips full of ape pictures.”
The scam involves messages of job offers sent to users on several sites such as DeviantArt and its Japanese counterpart Pixiv. In the messages, the scamster claims to be from “Cyberpunk Ape Executives”, a genuine line of NFTs, and offers artists an opportunity to contribute to their NFT universe.
The ads invite users to download a collection of images, one of which is an executable file that according to Malwarebytes’ is no-good malware, which apparently hasn’t revealed its true intent just yet.
“What we’ve observed [is] that it connects to a server, sending some basic system information like Operating System and various system parameters. There’s no direct evidence of password theft (yet), though it could be waiting for direct orders or certain conditions to swipe data,” notes Malwarebytes in its report, advising users not to blindly follow URLs sent in unsolicited messages.
Similar scams have been a mainstay on the internet for a long time now. However, the growing popularity of the decentralized finance (DeFi) economy has painted a target on the backs of the participants and NFT creators seem to be the latest to come under fire.