There have been reports that hackers with ties to North Korea’s Lazarus Group are behind a huge phishing effort aimed at investors in non-fungible tokens (NFTs). This campaign is said to have used roughly 500 phishing sites to trick victims.
SlowMist, a blockchain security company, published a report on December 24 revealing the strategies that North Korean Advanced Persistent Threat (APT) groups have used to separate NFT investors from their NFTs. One of these strategies is to use fake websites that imitate various NFT-related platforms and projects.
Examples of these fake websites include a site that pretends to be a project associated with the World Cup, a site that pretends to be related to the Olympics, and sites that impersonate well-known NFT marketplaces like OpenSea, X2Y2, and Rarible.
According to SlowMist, one of the strategies used was to have these fake websites offer “malicious mints.” This entails tricking users into believing that they are minting a genuine NFT by linking their wallet to the website in question. However, the mint is really a false transaction, and the hacker, who now has access to the victim’s wallet, is able to steal funds from it.
The investigation also found, through analysis of the phishing websites, that many of them used the same Internet Protocol (IP) address, with 372 NFT phishing websites operating under a single IP and another 320 NFT phishing websites affiliated with another IP. According to SlowMist, the phishing effort has been going on for a number of months, and the earliest domain name was registered around seven months ago.
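One way to apply the shared-IP finding above defensively, added here as an example and not taken from SlowMist's report: group resolved domains by IP and flag addresses that host several marketplace lookalikes, then list what else is co-hosted there. The records, `.example` domains, documentation-range IPs, threshold and official-domain mapping are all constructed assumptions.

```python
from collections import defaultdict

# Brands named in the article, mapped to their official domains (assumed here).
OFFICIAL = {"opensea": "opensea.io", "x2y2": "x2y2.io", "rarible": "rarible.com"}

# Constructed sample records (domain, resolved IP); IPs are documentation ranges.
RECORDS = [
    ("opensea-mint.example", "192.0.2.10"),
    ("x2y2-claim.example", "192.0.2.10"),
    ("rarible-drop.example", "192.0.2.10"),
    ("worldcup-pass.example", "192.0.2.10"),
    ("opensea.io", "198.51.100.7"),
    ("rarible-news.example", "198.51.100.20"),
    ("gardening-blog.example", "198.51.100.20"),
]

def impersonated_brand(domain):
    """Return the brand a domain imitates, or None if official or unrelated."""
    d = domain.lower().rstrip(".")
    # The real site and its subdomains are never lookalikes.
    if any(d == o or d.endswith("." + o) for o in OFFICIAL.values()):
        return None
    return next((brand for brand in OFFICIAL if brand in d), None)

def shared_ip_clusters(records, min_lookalikes=3):
    """Group domains by IP; keep IPs hosting at least min_lookalikes lookalikes."""
    by_ip = defaultdict(set)
    for domain, ip in records:
        by_ip[ip].add(domain.lower().rstrip("."))
    clusters = {}
    for ip, domains in by_ip.items():
        lookalikes = {d: impersonated_brand(d) for d in domains if impersonated_brand(d)}
        if len(lookalikes) >= min_lookalikes:
            clusters[ip] = {
                "lookalikes": dict(sorted(lookalikes.items())),
                # Co-hosted names without a brand string: review candidates, not verdicts.
                "cohosted": sorted(domains - set(lookalikes)),
            }
    return clusters

if __name__ == "__main__":
    for ip, info in shared_ip_clusters(RECORDS).items():
        print(ip, info)
```

Shared hosting means a co-hosted domain is a lead for review and not proof of abuse, so the threshold should be tuned against known-benign hosting providers.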
Phishing attempts also linked photos to target projects and recorded visitor data, storing it on third-party websites. These are only two of the many methods that were tried. After obtaining the visitor’s data, the hacker would then proceed to run various attack scripts on the victim, which would allow the hacker access to the victim’s access records, authorizations, use of plug-in wallets, and sensitive data such as the victim’s approved record and sigData. After obtaining all of this information, the hacker is able to get access to the victim’s wallet and see all of the victim’s digital assets.