Morphisec, a global security solutions provider, has discovered a new NFT Discord hack. The malware, called Babadeda crypter, targets the cryptocurrency, NFT and DeFi communities. This potentially Russian-linked cyberattack runs scams by impersonating OpenSea, Bored Ape Yacht Club, and ZED RUN marketplace accounts.
Other vendors have reported variants of this crypter in the past. However, Morphisec is the first to fully disclose how it is specifically targeting the NFT community. The cryptocurrency market is now worth over $2.5 trillion, so it is a popular target for fraudsters.
Babadeda: the crypter behind the latest NFT Discord hack
According to the report, Morphisec Labs researchers chose the name “Babadeda”, which translates to grandmother-grandfather, based on the Russian placeholder used by the crypter itself. It can bypass signature-based anti-virus solutions while carrying RAT payloads. As a result, the attacker gains administrative control over the target computer.
The bottom line here, behind all the tech talk, is that you need to be vigilant. To do this, you need to understand how this scam works and what the red flags are. From a user’s perspective, here’s how the attack works.
First, the attackers create a Discord bot account on the company’s official Discord channel. This will allow them to impersonate the channel’s official account.
Then, from this account, the attackers send a private message to the user. Basically, they will invite the user to download a relevant app. In return, they will allow them to access new features and benefits.
However, instead of an application, the URL redirects the user to a decoy site. It will then download a malicious installer that embeds the crypter with the RAT payload in it.
Unfortunately, the attackers are also trying to hide their malicious intent within what appears to be a legitimate application to evade detection. In fact, they have even taken extended measures to ensure that the delivery chain appears legitimate to the most technical user. For example, they sign the domain with a certificate (via Let's Encrypt) to enable HTTPS connections and ensure that the user interface of the decoy page is very similar to the user interface of the original page.
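Because the decoy site has a valid HTTPS certificate and a familiar interface, the one thing a user or a moderation bot can still check is the hostname in the link. The following is an added example, not code from Morphisec or from the original article; the official domain list, the similarity threshold and the sample links are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: official domains for the three brands named in the article.
# Verify these against each project's own announcements before relying on them.
OFFICIAL_DOMAINS = ("boredapeyachtclub.com", "opensea.io", "zed.run")


def classify_link(url, threshold=0.8):
    """Return (verdict, brand_domain) for a link received in a DM.

    verdict is "official", "lookalike" or "unknown". The URL scheme is ignored
    on purpose: a valid HTTPS certificate says nothing about who runs the site.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown", None
    # Official only if the host IS the domain or a true subdomain of it.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official", domain
    # Otherwise look for the brand name, or a near-miss of it, in any label.
    labels = [p for p in host.replace("-", ".").split(".") if p]
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        for label in labels:
            if SequenceMatcher(None, label, brand).ratio() >= threshold:
                return "lookalike", domain
    return "unknown", None


# Constructed sample links (reserved .example names, not real indicators).
SAMPLES = [
    "https://opensea.io/collection/demo",
    "https://app.zed.run/",
    "https://opensea.io.download-app.example/setup",
    "https://0pensea-desktop.example/",
    "https://boredapeyachtclub.com.mint-now.example/",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_link(link), link)
```

Any verdict other than "official" should be treated as untrusted; "unknown" only means the host does not resemble one of the listed brands.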
The industry landscape
Unfortunately, fraudsters aren’t just targeting individual users. They’re also going after larger entities. Two weeks ago, we reported that OpenSea’s security was under scrutiny after a white hat hacker discovered a fatal flaw. This was a major lifesaver, as the flaw could have allowed fraudsters to create fake blue chip NFTs (think BAYC) and then create a “mania” that ends up costing millions, if not hundreds of millions of dollars.
Interestingly, a young 17-year-old NFT hacker was involved in a phishing scam around the CreatureToadz program. Unlike most fraud cases, this one had a happy ending. The CreatureToadz team got their money back from the NFT hacker (86 ETH/$342,526) after apologizing for the breach.