Netskope employees discovered a new campaign launched by hackers to distribute the well-known RedLine infostealer using fake bots for buying Binance Mystery Boxes.
Binance's Mystery Boxes are boxes containing random NFTs. A customer can purchase such a "box" from the relevant marketplaces without having any idea what is in it, and can then open it or put it up for sale. It is not known in advance what kind of NFT the customer will receive. It can be a standard token or a very rare one with a price of several million dollars.
In the vast majority of cases, customers receive standard tokens, of course. Mystery boxes are very popular, but Binance offers them in small quantities. Therefore, in order to get them, users use bots.
According to Netskope employees, hackers have posted several videos on YouTube that purportedly offer free bots for finding Mystery Boxes. The videos include a link to a GitHub repository from which the bot can be downloaded. However, instead of a bot, the deceived user downloads the RedLine malware onto their PC.
The downloaded file is named BinanceNFT.bot_v1.3.zip. It contains a file with an identical name, which is the payload, along with a Visual C++ installer and a README.txt file. RedLine needs the VC installer in order to run, since the program is written in .NET. The text file contains installation instructions for users.
As a reminder, RedLine is a popular and quite powerful malware used to steal passwords, VPN credentials, cryptocurrency wallets, chats, cookies and so on. This software is very often used both by individual hackers and entire groups of cybercriminals.
A deceived user who downloads such a "free" bot does not get a tool for finding Mystery Boxes, but rather malware that steals all of their private information. How many users have already been affected by the hackers' actions is not yet known, but given the interest in NFTs, the number of affected customers could be large.
Author: Vadim Gruzdev, analyst at Freedman Club Crypto News