For two weeks now, hackers have been sending NFTs to users of the Phantom wallet for the Solana network, each carrying an image about the need to update the client. The link leads to a phishing site.
According to BleepingComputer, the NFTs direct users to the phantomupdate.com or updatephantom.com sites, where they are invited to download the “wallet update”. It is actually malware. The message in the NFT also emphasizes that if the upgrade is refused, “users may lose funds due to vulnerabilities in the Solana network.”
If the user downloads the “update” and launches it, the executable file requests administrative privileges in Windows OS and runs a PowerShell script that downloads and installs malware. A virus called MarsStealer steals passwords, information from browser cache and history, and SSH keys, and also tries to find addresses and passwords of cryptocurrency wallets.
Computer security specialists warn that users who have installed this program need to change their passwords as soon as possible, including those for cryptocurrency wallets, personal bank accounts, and other services.
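To check whether machines on a network reached the two sites named above, the following added example (not from the original article or from BleepingComputer) scans proxy or DNS log lines for those domains and their subdomains while ignoring look-alike hostnames. The log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Domains named in the article.
PHISHING_DOMAINS = ("phantomupdate.com", "updatephantom.com")

# Pull URL-like or bare-host tokens out of a free-form log line.
TOKEN_RE = re.compile(r"(?:[a-z][a-z0-9+.-]*://)?[a-z0-9.-]+\.[a-z]{2,}[^\s\"']*", re.I)

def host_of(token):
    """Return the lower-cased hostname of a URL or bare host token."""
    if "://" not in token:
        token = "//" + token
    try:
        host = urlsplit(token).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def is_listed(host):
    """True for a listed domain or any subdomain of it, not for look-alike hosts."""
    return any(host == d or host.endswith("." + d) for d in PHISHING_DOMAINS)

def find_hits(lines):
    """Return (line_number, host) for each log line whose destination is listed."""
    hits = []
    for n, line in enumerate(lines, 1):
        for token in TOKEN_RE.findall(line):
            host = host_of(token)
            if host and is_listed(host):
                hits.append((n, host))
                break
    return hits

# Constructed sample proxy/DNS log lines (assumed format, not real telemetry).
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z ws-17 GET https://phantom.app/download 200",
    "2000-01-01T10:02:13Z ws-17 GET http://PhantomUpdate.com/ 200",
    "2000-01-01T10:02:40Z ws-22 DNS query www.updatephantom.com. A",
    "2000-01-01T10:03:05Z ws-09 GET https://notphantomupdate.com/ 200",
    "2000-01-01T10:04:11Z ws-09 GET https://updatephantom.com.example.org/x 200",
    "2000-01-01T10:05:00Z ws-31 GET https://example.org/?ref=phantomupdate.com 200",
]

if __name__ == "__main__":
    for n, host in find_hits(SAMPLE_LOG):
        print(f"line {n}: {host}")
```

A host that appears in the results is a candidate for the password changes described above; matching is on the destination hostname only, so a listed domain that appears inside another site's query string is not reported.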
Recall that in August, hackers managed to gain access to thousands of wallets of Solana network users, including Phantom users.
Source: Bits
