The Discord communication platform has become the stage for yet another cybercrime. Researchers at the Morphisec digital security lab have detected a new scam that primarily targets communities and channels for cryptocurrency and non-fungible token (NFT) enthusiasts.
The notable feature of the scam is its use of a crypter, an advanced program that modifies malware and helps keep it hidden on victims' PCs. The tool in question is known as Babadeda and has Russian origins.
It is worth remembering that Discord itself recently backed away from launching an integration with NFTs and cryptocurrencies due to community criticism. However, these themes are still quite popular on the platform.
Understand Babadeda’s scam
According to Morphisec, it all starts with announcements of investments in lesser-known cryptocurrencies or the launch of games that use the blockchain and NFTs. The addresses, however, are fake and take the victim to a page that looks very similar to the original sites for these services.
After falling for the phishing page, which is well made and even includes HTTPS security certificates, the user is tricked into downloading an executable file and running it on the computer.
At this point, the victim receives an error message, which is actually the signal for the malware to start running code on their PC from a DLL file. With Babadeda's help, malware behind different forms of cybercrime can operate, from banking trojans to ransomware.
In the current scheme, the program is used to mask the activity of surveillance software that turns machines into botnets and steals credentials for social networks and banking applications, as well as for virtual wallets holding cryptocurrencies and NFTs.