Attacks are developing to infect Pixiv and DeviantArt artists with malware through fake NFT requests.

Users of online platforms for creators such as Pixiv and DeviantArt have received multiple messages from someone claiming to be from the NFT project Cyberpunk Ape Executives, attempting to infect them with information-stealing malware. It has been reported.

https://blog.malwarebytes.com/scams/2022/05/fake-cyberpunk-ape-executives-target-artists-with-malware-laden-job-offer/

Numerous reports of receiving messages from someone claiming to be “Cyberpunk Ape Executives” have been reported on social media art profiles in Japan and other countries. These messages were advertising some upcoming project related to both cyberpunk and apes.

As reported by Malwarebytes, attackers are targeting artists with offers to design new characters and expand their collections with new NFTs, offering rewards of up to $350 per day.

The message sent to the artist is as follows.

Hello! We appreciate your artwork and would be happy to help you with any questions you may have.

Cyberpunk Ape Executives is looking for 2D artists (online/freelance) to help us create NFT projects.

The 2D artists will be asked to create wonderful and lovable NFT characters.

Your character will be an important part of the NFT world.

Candidate expectations: 1) 2D artist experience 2) Character creation experience and examples 3) Photoshop skills

Main responsibilities : 1) Character creation in NFT style 2) Task setting and feedback with art team leader

1 Approximate pay per day is $200-$350, I pay in Paypal, BTC, ETH, LTC.

The message sent to the artist contains a link that, when clicked, leads to a MEGA download page from which the victim can download a password-protected 4.1 MB RAR archive named “Cyberpunk Ape Executives (pass 111).rar”, which allows victims to download a password-protected 4.1 MB RAR archive named “Cyberpunk Ape Executives (pass).rar”.

In the archive, there is a GIF image of the NFT of Cyberpunk Ape Executives and an executable file that is disguised as another GIF image within it, so that it can be easily blended in with the rest of the collection.

This executable is a malware installer that will most likely infect your device with an information-stealing Trojan and bypass AV detection based on current VirusTotal detection results.

Attackers typically target information stored in the web browser, such as account passwords, cryptocurrency wallets, credit cards, and files on disk.

Once they have the account credentials of a prominent account with a large number of followers, they use them to promote the same scam to even more users.

This can be even more dangerous for artists who deal in NFTs, as they can steal the victim’s wallet and the cryptocurrency or NFTs stored in it.

Many creators reported that bot accounts kept sending these messages every few minutes, and one artist stated that he received messages in Japanese.

How to protect

Although job offers, especially unbeatable ones, are tempting enough to make you take immediate action, never do so.

Instead, you will need to contact the project or company directly and check your email or visit their Twitter account for more information.

Then you will see that the Cyberpunk Ape Executives project is warning users about this scam.

Be sure to scan files downloaded from file sharing services such as MEGA with an anti-virus program before launching them.

As this attack proves, malware files may not trigger an anti-virus alert. Therefore, it is advisable to use MFA (two-factor authentication) as the last line of defense for all accounts.

Leave a Reply

Your email address will not be published.