Threat Actors Target Crypto Communities and NFT Discord
A malware campaign that specifically focuses on cryptocurrency- and NFT-related Discord communities has been uncovered, according to a report by Bleeping Computer.
Malicious actors abuse the popular card service with the help of an encryptor called Babadeda, which means “grandmother-grandfather” in Russian.
Cybersecurity firm Morphisec was the first to discover the new malware distribution campaign earlier this week.
Criminals usually try to coax users into downloading bogus software, by copying popular blockchain games such as “Mines of Dalarna”.
Based on an HTML object of one of the decoy sites, Morphisec determined that the malware campaign is operated by people from a Russian-speaking country.
The threat actors are masquerading as the websites of some of the most important companies in the NFT industry, including OpenSea and Larva Labs.
Those who started installing the malware typically see a fake error, which is used as a deception technique, while the installer does its job in the background.
Cybercriminals are likely to prey on the crypto wallets and NFTs of victims.
Discord’s malware problem
It is not surprising that Discord has become the target of threat actors since it has become home to plenty of cryptocurrency users where they can communicate via publicly accessible channels or private messages.
It’s not just crypto: Sophos revealed that Discord accounted for 4% of all malware downloads in July.
Earlier this month, Discord shelved its plan to integrate the Ethereum network after facing severe backlash from the anti-crypto segment of its customer base.
