Cybercriminals target digital artists
Cybercriminals looking for quick payment and valuables are targeting digital artists using NFTs (non-fungible tokens), security researcher Bart Blaze warns.
Attackers take advantage of artists’ desire to work and earn money to trick them into downloading information-stealing malware that will help them plunder their crypto wallets and break into their various online accounts (email, instant messaging, games, banking, etc.).
The different tricks used by criminals to target digital artists
In one variant of the attack, it all starts with the attacker adopting an entirely fake persona, contacting the artist (usually via Twitter, Instagram, or email), and commissioning a custom digital artwork.
In another, the attacker poses as an employee of an existing software company and asks the target to beta test photo-editing software in exchange for payment in ETH (Ethereum).
In both cases, the attacker asks the targeted artist to download and open a .scr file (ostensibly a sample of what the artwork should look like) or an archive file containing .scr or other executable files.
Those who open these files without checking whether they might be malicious may end up infected with the RedLine information stealer, which is capable of:
- Collecting system information
- Stealing usernames and passwords from browsers
- Stealing crypto wallet information from Chrome extensions and wallet.dat files
- Stealing data from other software (e.g. Steam or FileZilla)
- Executing commands issued by the attacker (e.g. downloading other files, opening links, etc.)
Once all this data has been collected, the attacker can start logging into the target’s accounts, attempt to steal their tokens, impersonate them, install other malware, etc., Blaze notes.
What to do before and after an attack?
A number of digital artists have already fallen for the trap or identified it as a scam and are warning others via Twitter.
WARNING TO ALL ARTISTS
I got a DM from “John Billmate” claiming to be “Photo Editor Distributor” from @SkylumSoftware
— Cloudy Night ☁️ (@CloudyNight_k) June 11, 2021
Blaze advises potential targets (in this particular case, Windows users) to ensure that their operating system and anti-virus software are up to date, the Windows Firewall is enabled, UAC (User Account Control) is set to the maximum level, and file extensions are made visible on their system.
On top of that, he recommends using unique passwords across all accounts (and a standalone password manager to hold them), enabling 2FA or MFA on those accounts where possible, using a hardware wallet instead of a software wallet, and storing its seed phrase offline.
Finally, digital artists should carefully assess the legitimacy of previously unknown potential clients and refrain from running files with dangerous extensions or opening archive files sent by people they do not know or do not trust.
This list contains dangerous file extensions that you should avoid if they are not from trusted sources:
bat, bin, cmd, com, cpl, exe, gadget, inf, ins, inx, isu, job, jse, lnk, msc, msi, msp, mst, paf, pif, reg, rgs, scr, sct, shb, shs, u3p, vb, vbe, vbs, vbscript, ws, wsf, wsh.
— 🌈 ArielBeckerArt.eth #SquidGang 🦑 (@arielbeckerart) June 10, 2021
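A small checker built around the extension list in the tweet above, as an added example that is not part of the article or of Bart Blaze's research: it flags risky extensions, the "artwork_sample.png.scr" style of double-extension lure described earlier, and executables hidden inside a ZIP archive. The decoy-extension set and the sample archive are constructed for the demonstration.

```python
"""Flag downloaded files whose extension is on the risky list quoted above,
including double-extension lures (sample.png.scr) and executables inside a ZIP.
Added example; not code from the article or from the researcher it cites."""
import io
import zipfile
from pathlib import PurePosixPath

# Extension list quoted in the tweet above (lower-case, no leading dot).
RISKY_EXTENSIONS = frozenset("""
bat bin cmd com cpl exe gadget inf ins inx isu job jse lnk msc msi msp mst
paf pif reg rgs scr sct shb shs u3p vb vbe vbs vbscript ws wsf wsh
""".split())

# Constructed set of harmless-looking "inner" extensions used as decoys.
DECOY_EXTENSIONS = frozenset({"png", "jpg", "jpeg", "gif", "psd", "pdf", "txt"})


def classify_name(name: str) -> str:
    """Return 'risky', 'disguised', or 'ok' for a single file name or path."""
    # Windows strips trailing spaces and dots when resolving a name, so a
    # file shown as "photo.jpg.exe " still runs as an .exe; strip them too.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(" .").lower()
    parts = base.split(".")
    if len(parts) < 2 or parts[-1] not in RISKY_EXTENSIONS:
        return "ok"
    # "artwork_sample.png.scr": the real extension is .scr, .png is a decoy.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
        return "disguised"
    return "risky"


def scan_zip(data: bytes) -> dict:
    """Classify every file member of a ZIP archive supplied as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {info.filename: classify_name(info.filename)
                for info in zf.infolist() if not info.is_dir()}


def build_sample_archive() -> bytes:
    """Constructed sample: a 'commission brief' archive hiding a .scr file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("brief/reference_colours.txt", "warm palette, 4000x4000\n")
        zf.writestr("brief/artwork_sample.png.scr", b"MZ" + b"\0" * 62)
        zf.writestr("brief/payment_terms.pdf", b"%PDF-1.4 constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample_archive()).items():
        print(f"{verdict:9s} {member}")
```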
Sometimes antivirus software detects and blocks the malicious file, but attackers often use tricks to thwart it.
“You can also Google any information they send to further verify their claims,” Blaze added.
Those who fall for such a scheme are advised to first and foremost contact their NFT marketplace and crypto wallet providers to try to block the account takeover, then change the passwords of their other accounts (email, bank, etc.) from a device that has not been compromised, and start scanning their machine for evidence of compromise.