The US Federal Bureau of Investigation (FBI) warns that cyber crooks are masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users. In these fraudulent schemes, criminals either obtain direct access to NFT developer social media accounts or create look-alike accounts to promote "exclusive" new NFT releases, often employing misleading advertising campaigns that create a sense of urgency to pull them off.
"Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project," the FBI spokesman said in a recent advisory. The replica websites urge potential targets to connect their cryptocurrency wallets and purchase the NFT, only for the threat actors to siphon the funds and NFTs to wallets under their control. "Contents stolen from victims' wallets are often processed through a series of cryptocurrency mixers and exchanges to obfuscate the path and final destination of the stolen NFTs," the agency representative said. To mitigate the risks posed by such scams, it's recommended that users carry out due diligence and review social media accounts and websites to verify their legitimacy.
The development comes nearly five months after the FBI warned of a spike in bogus cryptocurrency investment schemes called pig butchering (or shā zhū pán), leading to losses of $2 billion in 2022. This includes CryptoRom, in which criminals use fictitious identities on dating apps and social media platforms to develop romantic relationships and build trust with victims before introducing the idea of trading cryptocurrencies.
The operators are known to open the conversation within the app on which they first contacted the target. Soon after, the chat is moved to a private messaging app such as Telegram or WhatsApp, where they encourage victims to use fraudulent crypto websites or apps and make substantial investments. "Criminals coach victims through the investment process, show them fake profits, and encourage victims to invest more," the FBI said. "When victims attempt to withdraw their money, they are told they must pay a fee or taxes. Victims cannot get their money back, even if they pay the imposed fees or taxes."
The romance-centered social engineering attacks have also gotten a facelift in recent months, with Sophos identifying the threat actors' use of generative AI-based tools to lend more credibility to conversations with the victims on messaging apps and persuade them to download sketchy apps on the Apple App Store and Google Play Store.
These applications can get past reviews by Apple and Google by modifying remote content associated with the apps after they are approved and published to the stores. By simply changing a pointer in remote code, the app can be switched from a benign interface to a fraudulent one without further review by Apple or Google unless a complaint is filed.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632