Malware Detected Warning Screen

Fake Solana wallet update steals users’ digital holdings via NFT airdrops

Bad actors are wreaking havoc on Solana’s community through malware to steal users’ virtual currency holdings. Bleeping Computer reported that the hackers are hiding behind a fake security update to install malware on victims’ devices as the final puzzle in the heist.

According to the report, the scammers operate by airdropping Non-Fungible Tokens (NFTs) to users of the Phantom wallet. After opening the NFTs, users are met with a message urging them to install a new security update by clicking a link in the attachment.

“Phantom requires all users to update their wallets. This must be done as soon as possible,” read the fake warning. “Failing to do so may result in loss of funds due to hackers exploiting the Solana network.”

Users that fall for the scam and click the link are led to a site that automatically downloads a file that acts as password-stealing malware when installed. An analysis shows that the malware has proficiency in stealing browser history, passwords, cookies, and even SSH keys and has been likened to Mars Stealer, malware with a streak of harvesting sensitive data from digital asset wallets.

The scam aims to obtain passwords from victims’ devices and ultimately pilfer their digital currencies. Bleeping Computer warns that the threat goes beyond virtual currency wallets and can be extended to other accounts belonging to the affected individuals.

Users who believe they have been a victim of the malware have been advised to scan their devices with an antivirus program and immediately transfer their holdings from the Phantom wallet to another wallet. As an extra layer of security, users are advised to change their passwords on virtual asset platforms and banking applications with the directive to use different passwords for each application.

Solana’s bad turn rolls into Q4

The activities of the Phantom hackers have been linked to the Slope hack that affected Solana’s community in August that led to the loss of nearly $8 million from 8,000 wallets. The incident left a dark patch in Solana’s already torrid year that has been inundated with reports of network outages.

Since the start of the year, Solana has suffered nearly a dozen network outages that dampen developers’ enthusiasm for building projects on the network. One network outage lasted 17 long hours, with the latest happening on September 30, caused by a misconfigured node.

However, Anatoly Yakovenko, the network’s co-founder, says he is considering a “long-term fix” to the dark history of outages using Firedancer, a Solana client with its software development team.

“Because it’s a separate team, the probability of them having the same bugs in their code as ours becomes virtually zero,” said Yakovenko.

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups from BitMEX to BinanceBitcoin.comBlockstreamShapeShiftCoinbaseRipple,
EthereumFTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.

[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]