1 min read

Hackers Are Using NFT Excitement to Trick Users

Researchers from Fortinet are warning of a new threat to be on the lookout for.

Right now, NFTs are all the rage.  Everyone is talking about them, and many are excited about them.  Hackers have been quick to take advantage of that fact, and the Fortinet researchers have stumbled across a poisoned spreadsheet that purports to contain information about NFTs.

The spreadsheet actually quietly deploys a malware strain called BitRAT when opened.

BitRAT is a particularly nasty strain of malware that first appeared for sale on the Dark Web back in late 2020.  It is notable because it can bypass User Account Control (UAC), which is a Windows feature designed to prevent unauthorized access to the OS.

Once installed on a target system BitRAT can steal login credentials from browsers and other applications. It can log keystrokes and upload or download files which makes it more than capable of installing other forms of malware once the beachhead has been established.

It’s too early to say yet whether NFTs are here to stay or if they’re just a flash in the blockchain pan.  Either way, if they are generating buzz and excitement around the world, hackers will continue to exploit that excitement.

As the Fortinet researchers put it:

“Be mindful that attackers often use attractive and trendy subjects as lures. As NFTs become increasingly popular, they will be used to entice victims into opening malicious files or clicking on malicious links.”

The best thing you can do is to educate your employees and inform them of the threat.  Remind everyone you know that no matter how exciting the topic might be, it’s never a good idea to open files from untrusted sources or click on links embedded in emails.  If you need to go to a website open a new browser tab and manually type in the URL.  Better safe than sorry.

Used with permission from Article Aggregator

Encryption Protocols in Law: Digital Armor For Your Firm

Encryption Protocols in Law: Digital Armor For Your Firm

The courtroom may be your domain, but when it comes to data encryption, many legal professionals feel like they're arguing a case in ancient Greek....

Read More
Hybrid Cloud Approach for Portland Law Firms - Your Secret Weapon for Flexibility

Hybrid Cloud Approach for Portland Law Firms - Your Secret Weapon for Flexibility

Running a law firm in Portland used to mean living among the stacks. Not the ones at the Central Library, but those humming servers down the hall,...

Read More
Build a Niche Law Practice by Becoming the Go-To Data Privacy Specialist in Oregon

Build a Niche Law Practice by Becoming the Go-To Data Privacy Specialist in Oregon

If you’ve been looking for the next big opportunity in law, data privacy in Oregon is it. With one of the nation’s strictest new privacy laws about...

Read More

Fortinet VPN User Passwords May Have Been Leaked Online

Hackers recently released a list of nearly half a million Fortinet VPN usernames and passwords onto the Dark Web. The group behind the attack claims...

Read More

Microsoft Help Files Are Being Used To Distribute This Spyware

Diana Lopera is a researcher for Trustwave Cybersecurity and has stumbled across something that’s one part interesting and one part disturbing.

Read More

Cracked Software Downloads Are Spreading FFDroider Malware

There’s a new malware threat to keep an eye out for according to researchers from Zscaler. Dubbed FFDroider, this one is known for hijacking a...

Read More