Topic: Hackers hide malware in fake NFT game (Read 275 times)

Believe me, some people learn it some people don't or there's some people that will learn after did happen to them. 

and in this case I think they got clicked game look playful or get free nft after play some hours. You know the ads nowadays.its very colorful and attractive the best way is keep educating ourself right 

This is why im not really that downloading any wallet into my phone or any that is really connected into my crypto wallet because im that really a fan on downloading games and not into those NFT but also in other
games that could be found neither on playstore or in various places on net as long it does interest me then i would download it.Just like you had mentioned which i do have separate mobile device
for personal use and for crypto wallet which i could make out some transaction without worrying if your mobile phone is infected with some malware or not but its not really that
common for android viruses but this is really that very common on personal computers.

How it's possible to verify the source and contents? you have no way to verify since the source is closed, using virus total to scan the file doesn't effective because sometime it can't detect a malware or regularly show false positive result. The best way is never download any NFT game in your personal phone, if you really interested to play the game, it's better to bought another phone which you will use to download any unsecure apps or clicking random links.

Damn hackers will always come up with new ways to make people pay for their actions. This is such an important piece of information that will be helpful to anyone especially those who are chasing after NFTs. Hackers are looking at the weak point of people to strike, since almost every crypto person is into nft they decided to come up with this terrible idea of reckking their victims. Unbelievable.

Being an investor in an NFT game for the last 2 years and when they required me to download their software and game, I did. The good thing is that it's Axie and doesn't have the same malware.
But I think if I'm still in the same state for these play to earn games then sure that I may fall for this type of scam. And to those that like it that much, verify the source and the contents of what you're downloading before you proceed to press that accept and download button.

And they also seem to use other fake programs like OBS screencapture/streaming software to target influencers from streaming services

https://cryptoslate.com/wallets-of-nft-influencer-gets-drained-in-obs-malware-attack/

I sympathise but at the same time and can't keep serious face that someone called something as pompous as "NFT God" fails on such a basic level fails OpSec.
But truth to be told, i got one of my wallets drained just yesterday for the first time so maybe you should laugh at my Opsec.
My explanation is that i was was being greedy and hasty and trusted wrong person.

The most of the times when you are victim of these phising links the hackers install malware into your device or like you said whenever you type any password or seed phrases on that device they have access to it through keylogger which has been into your system through these viruses and your whole wallet is drained by the scammers yet we do such things.

The basic problem with most of the people is they have funds stored in same device they use for all the purposes and they click on various links on the internet becoming prone to such hacks.The best practice is to use air gapped devices for storing your funds that is never connected to internet so as to remain safe but if not then use hardware wallets or as said different device with non custodial wallets and funds in them.

You want to play NFT game, visit any site click on the links from random users or pop ups on the site do it but just have in mind the consequences it can have as you have funds in your wallet but I think most of the people don't imagine such things.They see game rewards like P2E earn concept and just to earn some shit token from the game they download full virus into the system and also run it on administrator allowing to make changes without a doubt but this is what happens afterwards.You gain nothing from the game but also loose what you have.

Imagine using the same device for saving seed phrases and downloading random NFT games from unknown mail senders.

It is recommended to move to Linux, but hear me out: it's free if you don't value your time.

But this doesn't have to do with firewalls. As far as I understand, the virus spreads on emails, and nobody hosts their own email server from home now more.

Just want to add to OP post, this is why its really important for people to learn a bit of network monitoring, and deny access on some port in your network, since there are lots of opensource firewall that we can use free, i have been using free opensource firewall since, aside from installing apps , they also inject or to links and emails, so knowing a bit on what to allow and won't is really an advantage this days, aside from your anti virus.

I can add that need to separate your devices for everyday tasks and entertainment, and for working with finances. In the first case, it will most often be Windows, and in the second, Linux or Mac is more desirable. Of course, on each of the devices, perform only certain tasks, in order to avoid troubles, such as hacking with the help of NFT games. You can get a used hardware of past generations, the capacities of which will be enough and will not cost much at all. But it will allow to avoid the effects of malware if you reduce the use of this PC to only work with crypto currencies.

Try Linux Mint with cinnamon desktop environment! Its interface is similar to Windows 10 which makes the experience of switching from Windows to Linux a tad easier. Plus, the community is pretty active which makes troubleshooting a lot easier.

Here are the resources I used!
- https://linuxcommand.org/tlcl.php - More on CLI to allow you become flexible on using the OS.
- https://youtube.com/@ChrisTitusTech - for general education about Linux system.

Hope that helps.

Maybe this will help you a little with the settings.
https://blog.eldernode.com/activate-and-use-sandbox-in-windows-10/
https://www.youtube.com/watch?v=UywHb0rOHVI

Thanks for the tips. I think for simple desktop users these virus is really not good and can really deceived them. Not all are proficient to execute those of you suggested to avoid this kind of malicious files. So the safest way is always check what you download online cause with a simple site, it could ruin your asset once he able to set up those click baits.

At one time, I studied how these viruses are created and hidden, and the fact that they can create the most common screenshots and instantly send these screenshots in stealth mode to a hacker is already dangerous. In another case, I think a hacker can set up surveillance specifically for certain applications in order to receive a signal in time when the user opens it. On the internet, this virus quietly spreads in free mode on specific subject forums (there is a simple guide to creating it), the task manager on Windows rarely detects it, and it is because of this that you must always monitor what and where you download. The best option would be to install a virtual machine, if necessary, download something, and also use a sandbox so that if malware enters, it is deleted when the application is closed.

I have been contacted by same kind of scammers several times, to do review of their obscure NFT game for money. I've always rejected the offer because real intentions shows miles away. And when you think about it, crypto people who connect their wallets for playing are the perfect target for the scam. You don't even have to get the banking details and hope banks don't reverse money transfers. You literally get everything without any work because others end up giving their wallets for you. I wonder how these won't happen all the time.

And funny enough people don't seem to care when some unknown game designers decide to use stolen trade mark. Like that wasn't a huge red flag.

Even more scarier if this is true. Yes and thats really dangerous for any users. Imagine if this kind of virus pass on millions of platforms that are popular and some users might not be able to figured out this sooner. Lots of money will be compromise.

What's new here? I thought once adding NFT to the wallet, hackers would be able to remotely monitor the device and thus know the seed and password when entered.
Installing a random games for fun on a device that has a hot wallet is stupid, you should be more careful or buy a separate phone for such things..

If you give them access to your files, then they may be able to access the wallet file, which is still encrypted with your password, then monitoring your device is enough for them to obtain that password, but it is strange that the wallets allow screen recording while writing passwords in the wallets.

For seeds, the situation is easier.

I am a fan of games not NFT games but this could also happen into some other games that are common and popular for which the devs can fake it out as the official one and then will insert any malware like RAT.

Well, these hackers will really do anything that they can to steal people's money and those that are hyper and keeps on installing any game as they wish especially the NFT games. You better be curious at all times and still verify anything that's related to the project you're interested with.

There has been a lot of scam related activities associated with NFT right from time because they know it's one of the easy means they can penetrate in for an attack, this begin to pop in after the discovery that newbies are too eager on the search on NFT because they believe those tokens will not only last but will pay them big amount of money which at the end doesn't work that way anymore, games download and NFTs are one of the easiest means for an attack and all they do is to introduce the attack virus in form of malware against the user system through what they download.

Thats a strong malicious virus, I think monitoring ones activity is common but the ability to steal passwords and phrase, is that can be done for example there are saves files on his folders? Or only if he can sees the activity where the phrases are been look up into?

Is there any news of this fraudulent in apps and mobiles already or only on pcs and laptops? Thanks Op this is a great news another one to avoid.