
That NFT job offer is probably malware


Unknown threat actors have been discovered targeting graphic designers and artists with infostealer trojans, security researchers have revealed.

Artists from popular sites such as DeviantArt and Pixiv have been getting multiple messages claiming to offer potentially lucrative job roles. However, the job offer is just a disguise, as the sender’s true goal is to distribute an information-stealing trojan with a “good chance” of not being spotted by antivirus solutions.

Info-stealers usually grab passwords and other identity-related data stored in browsers, as well as cryptocurrency wallets, credit card data, and similar.


A job offer, or trojan?

In the job offer, the artist is invited to work on an NFT project. NFTs, or non-fungible tokens, in this context, are pieces of art stored on the blockchain. Lately, they’ve been enjoying enormous popularity and dizzying valuations (some are worth tens of millions of dollars).

In the offer, the artist will be told what’s expected of them, will be asked for their CV or resume, and will be given a link with examples of previous NFT work by the project managers. That link, which the attackers say is essentially the project’s style guide, leads to a password-protected RAR archive named 'Cyberpunk Ape Exemples (pass 111).rar'.

The archive does carry a few low-res images, but also carries a well-hidden .EXE file. At first glance, it appears to be a .GIF file, but is, in fact, malware.
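The article does not say how the executable is made to look like a GIF, so the following added example (not from the article or the researchers) shows one defensive check: comparing each extracted file's name against its leading bytes. The extension lists, reason strings and sample file names are assumptions made for illustration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of the file types relevant here.
MAGIC = {b"MZ": "exe", b"GIF87a": "gif", b"GIF89a": "gif",
         b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpg"}
IMAGE_EXTS = {"gif", "png", "jpg", "jpeg"}   # assumed list, extend as needed
EXEC_EXTS = {"exe", "scr", "com", "pif"}     # assumed list, extend as needed

def sniff(path):
    """Return the type implied by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((k for m, k in MAGIC.items() if head.startswith(m)), None)

def check_file(path):
    """Return the reasons a file looks like a disguised executable."""
    # Every dot-separated suffix, stripped so space padding cannot hide one.
    parts = [p.strip() for p in os.path.basename(path).lower().split(".")[1:]]
    final = parts[-1] if parts else ""
    is_pe = sniff(path) == "exe"
    reasons = []
    if is_pe and final in IMAGE_EXTS:
        reasons.append("image extension, executable content")
    elif is_pe and final not in EXEC_EXTS:
        reasons.append("executable content, non-executable extension")
    if final in EXEC_EXTS and IMAGE_EXTS.intersection(parts[:-1]):
        reasons.append("image extension placed before executable extension")
    return reasons

def scan(folder):
    """Map each suspicious file name under folder to its reasons."""
    found = ((n, check_file(os.path.join(r, n)))
             for r, _d, files in os.walk(folder) for n in files)
    return {n: why for n, why in found if why}

def build_sample(folder):
    """Write constructed sample files (headers only, no real malware)."""
    samples = {"ape1.jpg": b"\xff\xd8\xff\xe0", "real.gif": b"GIF89a",
               "preview.gif": b"MZ\x90\x00", "style.gif.exe": b"MZ\x90\x00"}
    for name, data in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, reasons in sorted(scan(tmp).items()):
            print(name, "->", "; ".join(reasons))
```

A clean result only means no name and content mismatch was found; it says nothing about whether a correctly named file is safe to open.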

While infostealers can do all kinds of damage, and steal all kinds of information, in this context it’s safe to assume that the attackers could be after the artists’ cryptocurrency wallets, especially if they’ve been involved in NFT projects in the past. Crypto projects usually pay their team members, employees, and collaborators in cryptocurrencies.

Cyberpunk Ape project leaders took to Twitter to distance themselves from this campaign, saying the job offer is not real.

“Don't respond. Don't click the link. Report the people who are doing this on the platform they contact you on,” the Twitter post reads.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.