At Softonic, we are always trying to keep you informed about all the different types of malware and cyberthreat that are out there. We’ve tracked the development of everything from ransomware taking cities hostage to phishing attacks targeting iPhone users, and created cybersecurity guides to help you stay ahead of the malicious actors. This one, though, is a new one for us. The research team at Malwarebytes Labs have discovered malware hiding in job offers for NFT-related job posts.
In a recent blog post, the cybersecurity specialists reported on a number of posts published on sites like DeviantArt and Pixiv, related to cyberpunk and ape NFTs. The posts are targeting artists to offer them jobs producing art that can be turned into NFTs. The messages are signed “Cyberpunk Ape Executives”, which is likely trying to capitalise on the success of Yuga Labs’ Crypto Punks and Bored Apes series that have raised hundreds of millions of dollars for the company and subsequent holders of the NFTs. It would be easy to lower your defenses and fall prey to the scam with such riches in the air.
The scam itself is not too sophisticated and employs tricks we’ve seen before. It is a phishing scam that is trying to get victims to download malicious files to their devices. The message sent to the prospective artists, reads:
“Hi! We appreciate your artwork! Cyberpunk Ape Executives is inviting 2D-artists (online / freelance) to collaborate in creating NFT project. As a 2D-artist you will create amazing and adorable NFT characters. Your characters will become an important part of our NFT universe! Our expectations from the candidate: 1) Experience as a 2D-artist 2) Experience and examples of creating characters 3) Photoshop skills
Main tasks: 1) Creating characters in our NFT style 2) Interaction with Art Team Lead on task setting, feedback. For further communication check out the examples of our NFT works: [url removed] and send a reply (CV + examples of your works) for this position. Approximate payment per day = $200-$350. We make payments to Paypal, BTC, ETH, LTC.”
The message comes with a link to a download page, which contains thumbnails of example GIF NFTs. The problem, which you can see in the image above is that one of the GIFs actually has .exe at the end of the file name instead of .gif. This means that, although the file name does contain the word gif, as it ends with .exe the file is an executable file instead of a gif file.
Malwarebytes reports that the file contains a form of infostealer, which the cybersecurity company describes as Spyware.PasswordStealer.EnigmaProtector.
As always with these types of scams, the lesson is to be ever vigilant when you are online and receive messages from strangers. To be extra safe, make sure you check out these 6 easy and free ways to be safe online.