Fake remote tools
It was revealed last week that a fake project site disguised as a Pokemon NFT (Non-Fungible Token) card game was distributing a “remote tool” aimed at hijacking users’ computers.
According to South Korean cybersecurity firm AhnLab, users who thought they were downloading a game from the website may actually have installed the NetSupport Manager remote control software.
This software is used by administrators to manage multiple computers from a remote location. Unlike malware (malicious software), it is often considered a regular program. Cases abusing similar products such as AnyDesk and TeamViewer have also been detected.
This time, on the fake NFT game site, NetSupport Manager was downloaded from the “Play on PC” link on the page.
Because the icon and file name shown for the file are disguised, it is reportedly often installed without the user noticing.
Since the attacker can remotely control the mouse and keyboard on the PC through this tool, it is possible to directly manipulate the PC usage history, software wallet, etc., or install other malware. AhnLab states:
The remote control tool provides an easy-to-use remote desktop. Even if it is not developed with malicious intent, if it is installed on a system carelessly, it can be exploited by a threat actor, such as installing additional malware or stealing information.
Cryptocurrency scam modus operandi
AhnLab has also identified other attacks that exploit NetSupport Manager through spam emails and spoofed sites. If you want to install external software, you should be careful to download it from the official website.
Attacks that exploit complex DeFi vulnerabilities and new tricks such as bridge hacks are reported every day, but this case shows that classic mutual fund fraud is still rampant.
In recent years, many cryptocurrency scams have been confirmed to take advantage of high-profile projects. Statistics also show that multiple fraudulent sites earned a total of about 176 million yen ($1.2 million) by taking advantage of “The Merge” that Ethereum (ETH) celebrated on September 15, 2022.
In 2022, the “hard rug pull (exit fraud),” which uses crypto assets (virtual currencies) with pre-programmed scam functions, surged. Of the 117,629 scam tokens created from the beginning of the year to December 1st, 98,442 were “honeypots” that could be bought but not sold.
A prime example of a honeypot is Squid Game (SQUID), which increased by 45,000% in just a few days. As the price of a token that cannot be sold continues to rise, greedy users tend to be tricked into buying it.