Fake job offers for NFT artists vector to spread infostealer malware

Fake Job Offers NFT Artists Attack Vector Infostealer Malware Fraud Prevention Social Engineering

A new infostealer campaign that targets NFT artists has been discovered circulating in the non-fungible token landscape. In Japan, the users of creator-oriented online platforms such as Pixiv and DeviantArt are getting phoney job offers that contain messages from individuals that impersonate Cyberpunk APE executives’ NFTs.

Researchers indicated that these new baits spread across the entire NFT world are for infecting artists and devices with an information stealer malware.

Based on reports, the threat actors are baiting numerous artists with offers to create or design NFT projects further to expand their operations with new sets of characters. These fake job offers endorse a salary that can reach up to $400 per day.

The job offers messages with an attached link sent by the hackers to target artists that will download a password-protected RAR archive file if clicked by the receiver. The file is coded as Cyberpunk APE Examples (pass111)[.]rar.


The file also allegedly includes samples of the NFT executive’s artwork designed to help the artists gather the idea of the style they should trace. It also has false authenticity to the job offer.


The analysis of the fake job offers revealed that the malware installer included in the message is disguised as one of the multiple GIF images sent as samples and contains an infostealer.

The targeted device will then be infected by an information stealer malware called EnigmaProtector if the NFT artist accesses the attached samples. Moreover, the infostealer can bypass various security solutions.

After infecting the device, the threat actors will try to gather an artist’s account credentials with a massive number of followers and viewers on social media platforms and the NFT community. NFT artists then claim that bot accounts distribute messages in Japanese every other minute.

The infostealer in the fake job offers could steal account passwords and crypto wallets. Furthermore, stealing crypto wallets can enable attackers to pilfer NFTs within the device.

As of now, users and artists should always analyse any job offers regarding NFTs that are “too-good-to-be-true” and offer a significant amount of money. Experts reminded everyone that before engaging in any transaction from an unexpected email, it is imperative to contact and confirm the company first.

About the author

Leave a Reply