North Korean hackers linked to cybercrime group 'Lazarus Group' are behind a massive phishing campaign targeting non-fungible token (NFT) investors, using around 500 phishing domains to dupe victims, a new report said.
The strategies used by the North Korean Advanced Persistent
Threat (APT) groups to distract NFT investors from their NFTs, such as the use
of fake websites that appear to be various NFT-related platforms and projects,
Cointelegraph quoted the report as saying.
These fake websites included one that presented itself as a
World Cup project and others that impersonated popular NFT marketplaces like
OpenSea, X2Y2 and Rarible.
The use of "malicious Mints" which tricked the
victims into thinking they are minting a real NFT by connecting their wallet to
the website, was one of the strategies implemented.
The report also showed that a large number of phishing
websites shared the same Internet Protocol (IP), with 372 NFT phishing websites
sharing a single IP and another 320 NFT phishing websites using a different IP.
Other phishing techniques used included saving visitor data
to external websites and recording it, as well as attaching photos to the
projects that were being targeted.
One phishing address alone was able to get 1,055 NFTs and
profit 300 Ethereum (ETH), worth $367,000, through its phishing tactics, the
report said.
.jpeg)
0 comments:
Post a Comment