"NFTs Emerge as the Next Enterprise Attack Vector"

A recent malware campaign involving a lure about non-fungible token (NFT) projects suggests that threat actors are taking advantage of the growing interest in digital goods. The campaign observed by Malwarebytes researchers involved messages appearing to be sent from NFT project Cyberpunk Ape Executives. The messages were sent to digital art creators on online platforms such as DeviantArt and Pixiv, inviting them to work with people behind the Cyberpunk Ape project to develop new NFT characters. Recipients were also promised compensation of $350 per day. Each message contained a link that directed recipients to additional information about the NFT project. Once clicked, the link sent the recipient to a site where multiple images of apes are downloaded. These images were claimed to be examples of NFTs from the project, but one of the images was an executable file that infected the user's system with an information stealer once opened. Malwarebytes saw many account holders on Pixiv and DeviantArt complaining about their accounts being used to spam others with messages about the Cyberpunk Ape Executive NFT project. The researchers said it has not yet been able to confirm if the information stealer itself was responsible for the account hacks or if another form of phishing was involved. Malwarebytes researchers have been seeing various NFT and cryptocurrency threats every day, with the most common attacks trying to trick cryptocurrency enthusiasts into revealing their wallet's recovery phrase. Check Point Research has also observed attacks attempting to trick users into providing NFT platform or wallet access, as well as those that target NFT marketplace vulnerabilities to access NFTs belonging to digital artists. There have been attacks involving using malicious NFTs to exploit platform vulnerabilities. Organizations holding NFT assets or cryptocurrency assets must be aware of these threats. Researchers emphasize that enterprise users who access NFT marketplaces through their company-issued devices could also put their organizations at risk of attacks. This article continues to discuss the recent NFT-centric malware campaign and the growing threat of NFT-related cybercrime.

Dark Reading reports "NFTs Emerge as the Next Enterprise Attack Vector"