Explanation of PDF phishing attacks, targeting creators, project parties, and KOLs.


Scams in the cryptocurrency field are rampant. A new one targets creators, Key Opinion Leaders (KOLs), and project parties by spreading fake PDF files in order to trick victims out of their wallet assets.

Twitter user Serpent detailed the scam method in a tweet, and this article summarizes the process and case content.

PDF Scam

According to the conversation screenshots provided by Serpent on Twitter, targeted creators are asked to produce specific content based on sketches and examples contained in the scammer's PDF. Because it looks like a normal business request, victims feel obliged to open the PDF and read it. Once the file is opened, the scammer's scheme has already succeeded.

Inspecting the file's details reveals that the "PDF" provided by the scammers is actually a Windows Screen Saver (.scr) file, an executable disguised as a PDF.

Once the victim opens this file, their NFTs in the wallet will be listed for sale, and their crypto assets will be transferred to the scammer's wallet.

How Do Scammers Achieve This?

The scam method is not complex. First, ".pdf" is inserted into the file name so that it appears to end in .pdf, and the file icon is changed to look like a PDF document. Finally, the file is padded with a large amount of junk code to push it above 650MB, exceeding the file size limit of the VirusTotal malware analysis service, so the victim cannot simply upload it for scanning.

"This is a long-standing web2 scam strategy that works for any file type," warned Serpent.

The .scr file used by the scammers can execute arbitrary code and is essentially equivalent to an .exe file. Once opened, the user's cookies, passwords, data, and so on can potentially be stolen.

For example, the scammers can replace the MetaMask browser extension with a malicious version, or, more simply, wait for the user to unlock MetaMask and then transfer the assets out.

Serpent recommends that anyone attacked in this manner reset the computer, create a new wallet, and change all passwords.

How to Prevent Such Scams?

The best defense, of course, is not to download or open such risky files at all, and to learn about the security issues that already exist in web2.

However, if you must open such a file, Serpent suggests uploading it to Google Drive and viewing it there, or opening it inside a virtual machine. In Windows File Explorer, enabling "File name extensions" under the View tab reveals the real file type, so a file named "brief.pdf" would show up as "brief.pdf.scr".
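As an added example (not from the article or from Serpent), the following Python script applies the three tell-tale signs described above, a double extension ending in an executable type, executable content behind a PDF name, and padding beyond the VirusTotal upload limit, to a downloaded file before anyone double-clicks it. The 650MB threshold is the figure the article gives; the sample file names and contents are constructed.

```python
import os
from typing import List

PDF_MAGIC = b"%PDF-"   # every genuine PDF starts with this header
PE_MAGIC = b"MZ"       # Windows executables (.exe, .scr, ...) start with this
EXEC_EXTENSIONS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Upload limit the article says the junk padding is meant to exceed.
VIRUSTOTAL_LIMIT = 650 * 1024 * 1024


def analyze(name: str, head: bytes, size: int) -> List[str]:
    """Return warnings for a file given its name, first bytes and size."""
    warnings = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) > 2 else ""
    if ext in EXEC_EXTENSIONS:
        warnings.append(f"real extension {ext} is executable")
    if inner == ".pdf" and ext != ".pdf":
        # Explorer hides the last extension by default, so 'x.pdf.scr' shows as 'x.pdf'
        warnings.append("double extension: displays as .pdf")
    if head.startswith(PE_MAGIC):
        warnings.append("content is a Windows executable (MZ header)")
    if ext == ".pdf" and not head.startswith(PDF_MAGIC):
        warnings.append("named .pdf but lacks %PDF- header")
    if size > VIRUSTOTAL_LIMIT:
        warnings.append("exceeds VirusTotal upload limit; likely padded")
    return warnings


def inspect_file(path: str) -> List[str]:
    """Read the header and size from disk and run analyze() on them."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return analyze(os.path.basename(path), head, os.path.getsize(path))


if __name__ == "__main__":
    import tempfile
    # Constructed samples: a genuine PDF and a screensaver executable disguised as one.
    samples = {
        "brief.pdf": b"%PDF-1.4\n%...\n",
        "brief.pdf.scr": b"MZ\x90\x00\x03\x00\x00\x00",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for fname, data in samples.items():
            path = os.path.join(tmp, fname)
            with open(path, "wb") as fh:
                fh.write(data)
            print(fname, inspect_file(path) or ["looks consistent"])
```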