1. Home
  2. malicious

malicious

Nifty News: Fake Pokémon NFT game spreads malware, ‘Jai Ho’ singer to launch metaverse and more

Software used to access computers remotely has been inserted in a phishing website fronting as an NFT card game for the popular Pokémon franchise.

Hackers hide malware in fake NFT game

A phishing website purporting to offer a Pokémon-branded nonfungible token (NFT) card game has been spreading malware to unsuspecting gamers, a cybersecurity firm has warned.

The website, which at the time of writing was still online, also claims to offer an NFT marketplace, with a link to buy tokens and even an area to stake NFTs all based on the popular Japanese media franchise.

However, an arm of the South Korean cybersecurity firm AhnLab, warned the public about website on Jan. 6, noting that instead of downloading the game, users were actually downloading a remote access tool — allowing hackers to take control of their device.

A screenshot of the phishing website, the “Play on PC” link at the bottom of the image downloads the malware.

The tool, known NetSupport Manager would allow the attackers to not only remotely control the computer's mouse and keyboard but also access the system’s file management and history along with executing commands allowing them to install additional malware, the firm warned.

The public has been advised to only purchase or download applications from official websites and not open attachments in suspicious emails.

The composer behind ‘Jai Ho’ to spin up metaverse

Allah Rakha Rahman, the Indian composer and singer known for the Grammy Award-winning song Jai Ho is launching his own metaverse platform for artists and their music.

Rahman tweeted on Jan. 6 that his “Katraar” metaverse “is one step closer to launching” along with a video of him explaining the upcoming platform which will use “decentralized technology” according to its website.

In the video, Rahman said his vision for the platform was to “bring in new talents, technologies, and [...] direct revenue for artists,” with one revenue stream seemingly the integration of NFTs.

“Right now we are working with the HBAR Foundation to do many cool things, one is bringing a lot of NFTs.”

The HBAR Foundation is a not-for-profit independent organization of distributed ledger firm, Hedera Hashgraph, the creator of the ledger and cryptocurrency Hedera (HBAR).

Rahman added there’s also “an undisclosed project based on virtual beings” but did not provide further details.

2023’s first week of NFT sales jump 26%

Post-Christmas blues appears to have worn off, at least for the NFT market, with sales volume jumping nearly 26% in the first week of 2023, compared to the prior week.

According to data from market metrics aggregator Cryptoslam, in the seven days ended Jan. 7, NFT sales volume was over $211.4 million with around 1.2 million NFTs transacted between over 400,000 buyers.

The number of buyers increased by 17% on the week but transactions only grew by just over 2.5%.

Ethereum-based NFTs remained popular, with sales on the blockchain up nearly 26%.

The top three collections for the week were similarly Ethereum-native with the Yuga Labs’ Bored Ape Yacht Club (BAYC) in first place seeing nearly $19 million traded, up nearly 50% in terms of volume.

The Mutant Ape Yacht Club (MAYC) collection was second, with a volume increase of 80% to hit $14 million sales volume. Azuki was third with a 132% volume surge seeing $12.7 million in sales.

Every frame of feature-length film minted as an NFT

The producers of the 2022 thriller film, The Rideshare Killer have released nearly 120,000 unique NFTs in what they’ve dubbed the “first ‘every frame minted’ (EFM) film.”

Exactly 119,170 NFTs each representing one frame of the 83-minute long film shot in 24 frames per second were minted on the Polygon (MATIC) blockchain according to a Jan. 5 release.

The film’s producer, Tony Greenberg, said he believed NFTs “will change the independent film landscape” as they offer a “potentially appreciating collectible” to fans and a “sustainable revenue source for artists.”

The film may have to rely on its NFT sales to break even if its reviews are anything to go by.

It currently has a rating of 4/10 across eight reviews on the online film database and review website IMDb with one critic saying the movie “should never have been made.”

Other Nifty News

YouTuber and sports beverage merchant Logan Paul has U-turned on his threat to sue Stephen "Coffeezilla" Findeisen for defamation over allegations by Findeisen that purported Paul’s NFT project “CryptoZoo” was a scam.

NFT marketplace SuperRare has gutted 30% of its staff as it “over-hired” during the crypto bull market according to its CEO John Crain. He added the company was “facing headwinds” likely due to the ongoing crypto winter.

Russia adopts Bitcoin, crypto assets for cross-border transactions, finance minister says

No ‘respite’ for exploits, flash loans or exit scams in 2023: Cybersecurity firm

The industry is likely to see “further attempts from hackers targeting bridges in 2023," while users are urged to be warier of their private keys.

The new year is a fresh start for malicious actors in the crypto space and 2023 won’t likely see a slowdown in scams, exploits and hacks, according to CertiK.

The blockchain security company told Cointelegraph its expectations for the year ahead regarding bad actors in the space, saying:

“We saw a large number of incidents last year despite the crypto bear market, so we do not anticipate a respite in exploits, flash loans or exit scams.”

Regarding other ill-natured incidents the crypto community might face, the company pointed to the “devastating” exploits that took place on cross-chain bridges in 2022. Of the 10 largest exploits during the year, six were bridge exploits, which stole a total of around $1.4 billion.

Due to these historically high returns, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023.”

Protect your keys

On the other hand, CertiK said there will likely be “fewer brute force attacks” on crypto wallets, given that the Profanity tool vulnerability — which has been used to attack a number of crypto wallets in the past — is now widely known.

The Profanity tool allows users to generate customized “vanity” crypto addresses. A vulnerability in the tool was used to exploit $160 million worth of crypto in the September hack of algorithmic crypto market maker Wintermute, according to CertiK.

Instead, wallet compromises this year will likely come because of poor user security, CertiK said, stating:

“It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, bar any future vulnerability found in wallet generators.”

The firm said it will also be monitoring phishing techniques that could proliferate in the new year. It noted the slew of Discord group hacks in mid-2022 that tricked participants into clicking phishing links such as the Bored Ape Yacht Club (BAYC) Discord hack in June, which resulted in 145 Ether (ETH) being stolen.

Related: Revoke your smart contract approvals ASAP, warns crypto investor

Last year, $2.1 billion worth of crypto was stolen through just the 10 biggest incidents alone, while 2021 saw $10.2 billion total stolen from Decentralized Finance (DeFi) protocols, according to peer security firm Immunefi.

The biggest incident in 2022 — and of all time — was the Ronin bridge exploit, which saw attackers making off with around $612 million. The largest flash loan attack was the $76 million Beanstalk Farms exploit and the largest DeFi protocol exploit was the $79.3 million stolen from Rari Capital.

Russia adopts Bitcoin, crypto assets for cross-border transactions, finance minister says