Fake Phantom Wallet Security Update Is Actually Malware

This is not the only type of fake NFT out there.

NFTs are being airdropped to Phantom wallets by Hackers in an attempt to gain access and steal assets. The airdropped tokens pretend to be alerts for a new security update from the Phantom team. Users who are not careful have installed the malware, which steals passwords and allows for the theft of crypto and other assets from the wallets.

Fake Phantom security update NFTs

This attack is weeks in the making , starting two weeks ago there were NFTs with the title “PHANTOMUPDATE.COM” or “UPDATEPHATOM.COM” sent to unsuspecting users. The NFTs claimed to be sent by Phantom developers and warning the user of a security issue. 

Once the NFT was opened, users are informed that a new security update has been released and they should click the link to visit the site and download the update. Once the user clicks the link the site automatically downloads a batch file named PHANTOM_UPDATE_2022-10-8.BAT which is a virus from a DropBox folder. Once the file is launched it will check if it has admin privileges and if not show a window prompt asking for those permissions.

All of this will lead to a virus being placed on your computer and your passwords will be stolen. The goal of this virus is to steal crypto from users and compromise connected accounts. There are many scams users of Phantom should look out for. Using airdropped NFTs to hack into a wallet is not a new concept but it is being use more frequently. Another NFT scam is utilizing Raydium claiming to offer the user a way to join their alpha-testers team

There are many scams involving airdropped tokens and NFTs; luckily the team at Phantom has given users the ability to burn tokens and earn at the same time. Perhaps it’s best to take advantage of that option at the moment, and remember if it’s too good to be true then it probably is.

Leave a Reply