Unknown threat actors have been discovered targeting graphic designers and artists with infostealer Trojans, security researchers have revealed.
Artists from popular sites such as DeviantArt and Pixiv have received several messages claiming to offer potentially lucrative jobs. However, the job posting is only a disguise, as the real purpose of the sender is to spread an information-stealing Trojan with a “good chance” of not being detected by anti-virus solutions. .
Information thieves typically grab passwords and other identity-related data stored in browsers, as well as cryptocurrency wallets, credit card data, and more.
A job offer or a Trojan horse?
In the job posting, the artist is invited to work on an NFT project. NFTs, or non-fungible tokens, in this context, are works of art stored on the blockchain. Lately, they enjoy huge popularity and sky-high valuations (some worth tens of millions of dollars).
In the offer, the artist will be informed of what is expected of them, will be asked for their resume or resume, and will be given a link to examples of previous NFT work by the project leads. This link, which the attackers claim is essentially the project’s style guide, leads to a password-protected RAR archive named “Cyberpunk Ape Examples (pass 111).rar”.
The archive contains some low-res images, but also contains a well-hidden .EXE file. At first glance, it appears to be a .GIF file, but it is actually malware.
While infostealers can do all kinds of damage and steal all kinds of information, in this context, it’s safe to assume that attackers might be after artists’ cryptocurrency wallets, especially if they’ve been involved in NFT projects in the past. Crypto projects usually pay their team members, employees, and collaborators in cryptocurrencies.
Cyberpunk Ape project officials took to Twitter to distance themselves from the campaign, saying the job posting wasn’t real.
“Don’t answer. Do not click on the link. Report people doing this on the platform they contact you on,” reads Twitter.