Solana hackers use airdropped NFTs to lure users into clicking on a "fake Phantom update prompt" to steal cryptocurrency assets




According to BleepingComputer, hackers are airdropping NFTs to Solana users. When a user opens the NFT, a warning pops up claiming that the Phantom wallet has released a new security update. The user is instructed to click the attached link or visit the website to download and install it. Upon visiting the website, malware called MarsStealer, disguised as a file, is automatically downloaded from Dropbox. The installation process prompts for administrator privileges, and the malware can steal data from commonly used web browsers, two-factor authentication browser extensions, and multiple cryptocurrency wallet extensions.

Victims who have installed the fake Phantom security update are advised to immediately scan their devices with antivirus software, transfer their cryptocurrency funds from the existing Phantom wallet to a new wallet, and change their passwords on all websites they use.

This article is authorized for reposting from Foresight News. Foresight News is a Chinese content platform in the Web3 vertical field that adheres to the basic principles of "objectivity" and "neutrality," dedicated to creating a Chinese gateway to the Web3 world.