Fake solana wallet security update trying to steal cryptowritten by Bella Palmer
To add urgency, the message claims that failing to download the fake security update, ‘may result in a loss of funds due to hackers exploiting the Solana network’
For the last two weeks, unknown hackers have been airdropping nonfungible tokens (NFTs) to Solana cryptocurrency users masquerading as a new Phantom wallet security update, however, instead of an update, it's malware designed to steal their crypto.
According to BleepingComputer, the hackers are claiming to be from the Phantom team and using NFTS titled "PHANTOMUPDATE.COM" or "UPDATEPHANTOM.COM."
After opening the NFT, users are told a new security update has been issued for the Phantom wallet and can be downloaded by using the enclosed link or the listed website.
To add urgency, the message claims that failing to download the fake security update, ‘may result in a loss of funds due to hackers exploiting the Solana network.’
The urgency piece is likely related to the Solana-based wallet hack which saw roughly $8 million stolen from 8,000 wallets in August, including those of Phantom wallet users. The security exploit was later linked to vulnerabilities within the Solana-based Web3 wallet service Slope.
Should a victim follow the fake Phantom update instructions, the process ends with malware being downloaded from GitHub which attempts to steal browser information, history, cookies, passwords, SSH keys and other information from the user.
Users who may have inadvertently fallen prey to this scam are recommended to take security precautions such as scanning their computer with antivirus software, securing crypto assets, and changing passwords on sensitive platforms such as bank accounts and crypto trading platforms.
In the past, similar malware-spreading campaigns have employed malware dubbed ‘Mars Stealer’ to steal crypto from unsuspecting users.
An upgrade of the information-stealing Oski trojan of 2019, Mars Stealer targets more than 40 browser-based crypto wallets, along with popular two-factor authentication (2FA) extensions, with a grabber function that steals users' private keys.
This article is for information purposes only.
Please remember that financial investments may rise or fall and past performance does not guarantee future performance in respect of income or capital growth; you may not get back the amount you invested.
There is no obligation to purchase anything but, if you decide to do so, you are strongly advised to consult a professional adviser before making any investment decisions.