North Korea’s Lazarus Group, notorious for launching cyber attacks, has once again come under the spotlight for targeting the NFT sector with back-to-back attacks. The hacker group has launched around 500 phishing domains, which it uses to dupe unsuspecting victims who are also avid NFT buyers. The allegations against the Lazarus Group were made in a recent report by SlowMist, a blockchain security firm. The report highlights that this NFT stealth campaign has been running for months, with the earliest malicious domain registered between May and June.
NFTs, or non-fungible tokens, are blockchain-based digital collectibles, most of which also work in compatible Metaverse experiences. Most of the time, NFTs are valuable, and their blockchain-based creation transfers full ownership of these virtual collectibles to buyers, who store them in crypto wallets.
The Lazarus Group has deployed “bait websites” that pretend to be legitimate NFT projects in order to trick victims into engaging with these infected websites.
“Phishing websites collect visitor data and store it on external sites. The hacker records visitor information via an HTTP GET request on an external domain. Our investigation revealed that the hackers used multiple tokens such as WETH, USDC, DAI, and UNI etc. in their phishing attacks,” said the official post by SlowMist.
One technique was to create fake NFT-related websites using malicious mints to steal NFTs. They used almost 500 different domain names and sold them on platforms such as @OpenSea, @X2Y2 and @Rare.
One of the earliest incidents can be traced back to 7 months ago. pic.twitter.com/4COsMuR80x
— SlowMist (@SlowMist_Team) December 24, 2022
Although this year has not been especially profitable for the NFT industry, it has seen multiple scammers flock to the sector to launch attacks.
Last week, for example, anti-theft platform Harpie said a new type of scam is looming over OpenSea’s visitors, offering “gasless sales” on the platform and eventually redirecting victims to phishing sites.
As part of the reportedly ongoing scam, hackers trick people into signing an unreadable message. Gasless NFTs are likely to attract signature requests from first-time buyers.
In its report, SlowMist said North Korea’s Advanced Persistent Threat (APT) groups left victims’ wallets vulnerable to further hacking.
🚨 SlowMist Security Warning 🚨
North Korean APT group targets NFT users with large-scale phishing campaign
This is just the tip of the iceberg. Our thread covers only a fraction of what we discovered.
Let’s dive in pic.twitter.com/DeHq1TTrrN
— SlowMist (@SlowMist_Team) December 24, 2022
In addition to traditional phishing, scammers have also used the ice phishing technique to steal digital collectibles that can be used in the Web3 sector of the internet.
Last week, 14 NFTs from the expensive and famous Bored Ape Yacht Club (BAYC) collection were stolen in an ice phishing attack.
Ice phishing scams are cyber attacks that maneuver Web3 users into manually signing and approving permissions that allow malicious actors to spend their tokens.
Traditional phishing scams allow hackers to steal private keys or passwords by tricking unsuspecting people into clicking malicious links or visiting infected bogus websites.
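The ice phishing pattern described above depends on the victim signing an approval rather than handing over a key, so a wallet-side check can decode the call before it is signed. The following is an added example, not code from SlowMist, Harpie or this article; it assumes the approval arrives as standard ERC-20/ERC-721 on-chain calldata (it does not cover off-chain signed messages), and `inspectCalldata` and the sample spender address are hypothetical.

```javascript
// Added example (not from SlowMist or the article): flag approval-granting calldata.
// A selector is the first 4 bytes of keccak256(function signature).
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",           // ERC-20 allowance, or one ERC-721 token
  "39509351": "increaseAllowance(address,uint256)", // common ERC-20 extension
  "a22cb465": "setApprovalForAll(address,bool)",    // operator over a whole NFT collection
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical helper. Returns null when the call is not an approval,
// otherwise who is being authorised and how broad the grant is.
function inspectCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) return null;
  const signature = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!signature) return null;
  const args = hex.slice(8);
  // Both arguments are 32-byte ABI words; refuse to interpret truncated input.
  if (args.length < 128) return { signature, spender: null, risk: "malformed" };
  const spender = "0x" + args.slice(24, 64);        // address = low 20 bytes of word 0
  const value = BigInt("0x" + args.slice(64, 128)); // word 1: amount, token id or bool
  let risk;
  if (signature.startsWith("setApprovalForAll")) {
    risk = value === 0n ? "revoke" : "collection-wide";
  } else if (value === MAX_UINT256) {
    risk = "unlimited";
  } else {
    // Zero is an ERC-20 revoke but a valid ERC-721 token id, so it is not special-cased.
    risk = "limited";
  }
  return { signature, spender, risk };
}

// Constructed sample inputs; the spender address is made up.
const word = (h) => h.padStart(64, "0");
const SPENDER = "deadbeef".padStart(40, "0");
const SAMPLE_SET_APPROVAL = "0xa22cb465" + word(SPENDER) + word("1");
const SAMPLE_UNLIMITED = "0x095ea7b3" + word(SPENDER) + "f".repeat(64);
const SAMPLE_TRANSFER = "0xa9059cbb" + word(SPENDER) + word("64"); // transfer(), not an approval

for (const tx of [SAMPLE_SET_APPROVAL, SAMPLE_UNLIMITED, SAMPLE_TRANSFER]) {
  console.log(inspectCalldata(tx) ?? "no approval granted");
}
```

A "collection-wide" or "unlimited" result for a spender the user does not recognise is the case worth blocking or surfacing in plain language before the signature prompt.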