
Fake Binance NFT Bots Promoted on YouTube to Steal Cryptocurrencies


RedLine malware disguised as Binance NFT mystery box bots is being distributed to steal cryptocurrency wallets. The campaign is spread through YouTube, where the videos direct people to download the malware from GitHub repositories.

The hackers are exploiting the excitement of finding something mysterious that these boxes offer. The boxes, which can be bought on Binance, may sometimes contain rare NFTs valued at millions. However, mystery boxes are hard to get because supply is limited.

To gain an advantage over other bidders, some buyers deploy bots to acquire the boxes, and the threat actors are trying to capitalize on that. The videos were uploaded in March 2022, and few of them have had a high number of views.

The videos try to lure viewers into downloading the supposed bot from a GitHub link that distributes the RedLine malware instead of an NFT bot. The zip file, named “BinanceNFT.bot_v1.3zip”, decompresses to a Microsoft Visual C++ Redistributable installer and a README.txt file.

The text file contains instructions on how to install the malware, while Visual C++ is used to run the malware because RedLine was developed in .NET.

How the Fake NFT Bot Works

The malware is sold in underground forums and is capable of stealing people’s credentials. A RedLine subscription is sold to independent operators for $100 to $150 per month. It is used to harvest information saved in browsers, autocomplete data and credit card information.

When deployed on crypto platforms, it can steal vital credentials that may grant access to a targeted crypto wallet. 

A malware analyst from Netskope Threat Labs said that although RedLine stealers are low-cost malware, it’s not worth it. It offers many capabilities that could cause serious damage to its victims, such as loss of sensitive data.

In April 2022, the malware had already been launched in 150 countries, although it hasn’t been executed in specific countries such as Russia, Ukraine, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Uzbekistan, Moldova and Tajikistan.
