Unknown threat actors targeting graphic designers and artists have been discovered with info-stealing Trojans, security researchers have revealed.
Artists on popular sites like DeviantArt and Pixiv have received several messages claiming to offer potentially lucrative jobs. However, the job posting is just a disguise, as the sender's true purpose is to distribute an information-stealing Trojan with a "good chance" of being missed by antivirus solutions. .
Information thieves often take passwords and other identity-related data stored in browsers, as well as cryptocurrency wallets, credit card data, and more.
A job offer or a Trojan horse?
In the job posting, the artist is invited to work on an NFT project. NFTs, or non-fungible tokens, in this context, are works of art stored on the blockchain. Lately, they are enjoying great popularity and sky-high valuations (some are worth tens of millions of dollars).
In the offer, the artist will be informed of what is expected of him, will be asked for his resume or resume, and will be given a link to examples of previous NFT work by the project leaders. This link, which the attackers claim is essentially the project's style guide, leads to a password-protected RAR file called "Cyberpunk Ape Examples (pass 111).rar".
The file contains some low resolution images, but it also contains a well hidden .EXE file. At first glance, it appears to be a .GIF file, but it is actually malware.
While data thieves can cause all kinds of damage and steal all kinds of information, in this context, it's safe to assume that attackers could be after artists' cryptocurrency wallets, especially if they've been involved in NFT projects on the internet. last. Crypto projects often pay their team members, employees, and collaborators in cryptocurrencies.
Officials from the Cyberpunk Ape project took to Twitter to distance themselves from the campaign, saying the job posting was not real.
“Don't answer. Don't click on the link. Let people know who do this on the platform they contact you on,” reads Twitter.
Via: BleepingComputer