In this fake file extension NFT scam Hackers used .scr file. Screen Saver (.scr) files are executables that can run any code; they are similar to.exe files and We all know how .exe file works. We can say that your entire computer has been hacked at this point.
Scams that use cryptocurrency are getting more and more complicated, making it easier than ever to fall for them.
In just the last 12 months, non-fungible tokens (NFTs) have grown into a multibillion-dollar portion of the crypto industry. Top collector’s items, like rare ones from the Cool Cats and Bored Ape Yacht Club collections, can sell for $30,000 or more.
If you think a JPEG should not cost between five and six figures, the people who made NFT have one word for you: utility. Because NFTs make a permanent digital record of your ownership on the blockchain (the same technology used to make crypto), owning a digitally tokenized piece of art can also get you into exclusive online clubs, gaming communities, Discord chat rooms, and interactive experiences.
At least, that’s the idea. But in real life, NFTs are still new and a little scruffy. Blockchain fans see NFTs as an exciting sign that the general public will soon use crypto. However, scammers can make a lot of money off of them because so much money changes hands.
FAKE FILE EXTENSION SCAM
You’ve heard about Smart Contract hack in Nfts and blockchain, phishing links, or NFT discord hack. Now hackers have found another way to hack into your wallets, and trust me, it’s way harder to know which is real and which is fake.
The tactic I am talking about is the FAKE FILE EXTENSION SCAM. What is it?
How will the attacker approach you?
How do they do it?
Why is it dangerous?
How do you identify real and scam files?
How to keep yourself safe from an attack?
I will uncover these questions’ answers here in this article.
What is File Extension Scam in NFT?
Basically, this attack is, as the name suggests, Scammers spoof file extensions to make malicious files look like PDFs. They go after artists, people with a lot of influence, and projects.
How will the attacker approach you?
As I stated above, hackers nowadays use different ways to exploit you. The Serpent gave a clear example on his Twitter thread. In his thread, he shows the example of an artist called RabbitinM. The customer first messaged RabbitinM about the commission of his art. Then they sent him a zip file containing sample Images for the project. But that situation changed soon.
We can see the regular sample images in this zip file, nothing suspicious, right? Wrong, this isn’t a regular PDF file. It is actually a Screen Saver (.scr) file, an executable script disguised as a PDF file.
All of the artist’s NFTs were advertised and sold once RabbitinM opened the PDF file to examine the sketches, and all of his ETH was transferred to the scammer’s wallet.
How do they do it?
Hackers used Simple extension spoofing. They renamed the file, added .pdf to the end, and then modified the file’s icon to a PDF icon. He additionally overburdened the file with garbage code, causing it to surpass VirusTotal’s maximum file size of 650 MB.
Why is it dangerous?
In this example, Hackers used .scr file. Screen Saver (.scr) files are executables that can run any code; they are similar to.exe files and We all know how .exe file works. We can say that your entire computer has been hacked at this point.
Your cookies, passwords, extension data, and everything else is scraped. They may, for example, modify your MetaMask extension to a modified and harmful one, or they might just wait for you to log in and access your MetaMask, and they’ll have everything.
How do you identify real files and scam files?
It isn’t hard to identify the file extension. However, This is disabled by default, but you can activate it by choosing “View” at the top of your file explorer and then activating “File name extensions.” The file extensions for all files will be shown.
How to keep yourself safe from NFT Scam or FAKE FILE EXTENSION scam?
This is an old web2 scam technique that works with any and all file formats. To avoid this, Do not download or open random files recklessly. Always check the file type, Investigate and learn about fundamental web2 security.
But If you must open a file, save it to Google Drive and view it there, or use a virtual machine.
There are several approaches, but if you fall victim to this assault, even after trying the above methods, you should consider your computer is infected. You should reset it, create a new wallet, and change all of your passwords on everything.
Final thoughts
Artists aren’t the only ones victimized by this fraud. Influencers, promoters, and initiatives have lately been targeted, with many people losing control of their wallets and accounts and having everything entirely deleted.
One user replied on Serpent’s Twitter thread, saying he had been robbed by the same trick back in February. When he downloaded the .scr file, he had to input a code in order to access the file. Which he thinks gave them access to his computer.
This can cause financial and mental problems to the victim, so be careful and spend little time on research before opening any file type.
