Cardano users beware: there is fake Eternl Desktop software.


A phishing campaign targeting Cardano users is spreading fake Eternl Desktop wallet notifications, luring them to download and install a malicious MSI file containing remote control tools.

The attackers used a tone similar to an official announcement, citing NIGHT token and ATMA incentives to increase credibility, and then distributed unsigned installers via the download.eternldesktop.network domain.

MAIN CONTENT
  • They are impersonating Eternl Desktop to distribute malicious MSI files.
  • The installer is not digitally signed, and is associated with the NIGHT and ATMA offers.
  • The malware contains LogMeIn Resolve, which allows remote control of the machine and execution of commands.

The fake Eternl Desktop campaign targets Cardano users.

The fraudulent notification was disseminated as an announcement from Eternl Desktop, tricking users into downloading a malicious MSI file instead of legitimate wallet software.

According to reports, the attackers used language and structure similar to official announcements to lower users' guard. The content also mentioned incentives for receiving NIGHT and ATMA tokens to create a sense of immediate benefit, thereby increasing click-through rates for downloads and installations.

The installer is unsigned and is distributed via the domain download.eternldesktop.network. A domain that looks like the product name, coupled with the familiar MSI format on Windows, can cause victims to skip checking the download source and the authenticity of the digital signature.

Malware integrates LogMeIn Resolve for remote control.

Security researchers say the MSI file contains the LogMeIn Resolve component, which allows remote command execution and persistent control of the system.

Once installed, the remote control tool can give an attacker deep access to the device, including running remote commands and establishing a persistence mechanism. For users holding crypto assets, such system access increases the risk of data breaches and compromise.

The main recommendation is to download wallet software only from official channels. Cardano users should avoid installing unsigned installers from unfamiliar domains or from notifications promising token rewards, especially when those notifications ask the user to download and run an MSI file.
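One way to carry out the signature and download-source checks mentioned above before running a downloaded MSI, as an added example that is not part of the original article. The publisher name and allowed download host are placeholders, since the article does not state them; take them from the wallet vendor's official site.

```powershell
# Added example: pre-install check for a downloaded MSI (Windows PowerShell 5.1+).
# $ExpectedPublisher and $AllowedHosts are placeholders (assumptions); fill them in
# from the vendor's official site, not from the message that linked the download.
param(
    [Parameter(Mandatory)][string]$Path,
    [string]$ExpectedPublisher = '<PUBLISHER-NAME-FROM-OFFICIAL-SITE>',
    [string[]]$AllowedHosts    = @('<OFFICIAL-DOWNLOAD-HOST>')
)

$problems = @()

# 1. Authenticode signature: unsigned or tampered installers fail here.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
if ($sig.Status -ne 'Valid') {
    $problems += "Signature status is '$($sig.Status)' (expected 'Valid')"
} elseif ($sig.SignerCertificate.Subject -notlike "*CN=$ExpectedPublisher*") {
    $problems += "Signed by unexpected publisher: $($sig.SignerCertificate.Subject)"
}

# 2. Download origin: browsers record the source URL in the Zone.Identifier stream.
$zone    = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
$hostUrl = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''
if (-not $hostUrl) {
    $problems += 'No HostUrl recorded; download origin cannot be confirmed'
} else {
    $dlHost = ([uri]$hostUrl).Host
    if ($AllowedHosts -notcontains $dlHost) {
        $problems += "Downloaded from '$dlHost', which is not an allowed host"
    }
}

# 3. Print the hash so it can be compared with a checksum the vendor publishes.
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
Write-Output "SHA256: $hash"

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Error 'Do not install this file.'
    exit 1
}
Write-Output 'Signature and origin checks passed.'
```

A look-alike host fails the second check because the comparison is an exact match on the host name, not a substring match on the product name.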

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.