In a concerning development, the X (formerly Twitter) account of Symbiotic, a staking protocol, was compromised on October 5, as reported by blockchain security firm PeckShield. As of October 7, the account remains under the control of hackers, according to updates on the Symbiotic official website.

#PeckShieldAlert #Phishing @symbioticfi's X account has been compromised. Do *NOT* click the link until further official announcement. community-symbiotic[.]fi is the #phishing link pic.twitter.com/rmYDKsvhST

— PeckShieldAlert (@PeckShieldAlert) October 5, 2024

The hacked account is luring users into clicking a misleading link disguised as a “points” checklist. Users are directed to a phishing site, network-symbiotic[.]fi, instead of the legitimate Symbiotic website, symbiotic.fi. The fake site deceives users by displaying a false message claiming they have earned thousands of points, even if they have no prior interaction with the Symbiotic protocol.

Users are urged to click a large green “Redeem” button to claim their points. However, clicking the button when using an empty wallet results in a standard phishing error message requesting the user to try a different wallet. For users with Symbiotic tokens, the phishing site likely prompts them to sign a message, which is then exploited to drain their wallet’s funds. Cointelegraph, a crypto news outlet, reported that it did not attempt to interact with the phishing site using a wallet with funds.

Symbiotic’s official website has issued warnings, advising users not to interact with any links posted on their compromised X account. These kinds of X account hacks have become increasingly common in the crypto world, and users are advised to bookmark official URLs for apps they frequently use. While bookmarking can help avoid phishing scams, it’s not foolproof. Users are also cautioned to be wary of requests to sign messages written in code, as these can often signal phishing attempts.

Source: Symbiotic page

Attackers Exploiting SVG Files to Spread Malware

In a separate security issue, a new form of malware attack using Scalable Vector Graphics (SVG) files has surfaced, according to a September report from HP’s Wolf Security team. The attackers exploit SVG image files to install remote access trojan (RAT) software on victims’ computers.

Once the malware is installed, it enables attackers to steal sensitive data like website passwords, seed phrases (the recovery words for crypto wallets), and other personal information. If the victim holds cryptocurrency, these credentials may be used to gain access to their wallet and drain funds.

HP researchers revealed that the malware is hidden within a ZIP archive that downloads when the SVG image is opened in a web browser. The malicious file is accompanied by a .pdf document, designed to distract the victim while the malware is installed in the background.

SVG files, which are popular due to their scalability and high-quality display, store images using mathematical formulas instead of pixels. This allows them to be resized without loss of quality. However, because SVG files are written in XML code and can contain embedded scripts, attackers have found a way to exploit these capabilities.

Once the malicious SVG is opened, it triggers the download of a ZIP archive. If the user clicks on the archive, a File Explorer window opens, initiating the download of a shortcut file. The shortcut file loads a decoy .pdf while various malicious scripts are copied and stored in the victim’s system directories. These scripts ensure the malware remains active over time, continuously compromising the device.

In light of these threats, users should exercise caution when interacting with SVG files, especially those sent from unknown sources or untrusted websites.
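Because the SVG format is XML that can carry scripts, a mail or upload filter can inspect a file for active content before anyone opens it in a browser. The following Python sketch is an added example, not code from HP's report or from this article; the list of tags it flags and both sample documents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that let an SVG run code or embed foreign documents (assumed list).
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name):
    """Strip the XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return a list of findings describing active content in an SVG document."""
    # ElementTree expands internal entities, so refuse entity declarations
    # up front instead of parsing them (avoids entity-expansion bombs).
    if re.search(r"<!ENTITY", text, re.I):
        return ["dtd: entity declaration present, document not parsed"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"malformed: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"element: <{tag}>")
        for attr, value in el.attrib.items():
            name = local(attr)
            # Browsers ignore whitespace inside URL schemes, so normalise it.
            v = "".join(value.split()).lower()
            if name.startswith("on"):
                findings.append(f"handler: {name} on <{tag}>")
            elif name == "href" and (
                v.startswith("javascript:")
                or (v.startswith("data:") and not v.startswith("data:image/"))
            ):
                findings.append(f"link: script or non-image data URI on <{tag}>")
    return findings

# Constructed samples: a plain drawing and one with inert active content.
BENIGN = ('<svg xmlns="http://www.w3.org/2000/svg" '
          'xmlns:xlink="http://www.w3.org/1999/xlink"><circle r="4"/>'
          '<image xlink:href="data:image/png;base64,AAAA"/></svg>')
ACTIVE = ('<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
          '<script>/* constructed placeholder, no payload */</script>'
          '<a href="javascript:void 0"><rect width="1" height="1"/></a></svg>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("active", ACTIVE)):
        print(label, scan_svg(doc))
```

An empty result means no scripts, event handlers or script-scheme links were found; it does not show that the file is safe in other respects.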

The post Symbiotic X Account Hacked, Spreading Malware Through SVG Files: Report appeared first on Coinfomania.