Fake NFT App Exploits Defender and 2FA, Draining $24K in Cryptocurrency

In a recent cybersecurity incident, malware bypassed Microsoft Defender and two-factor authentication (2FA), leading to the theft of $24,000 in cryptocurrency. The breach was delivered through a fake NFT game application, according to findings by SafetyDetectives.
Malware Deception and Bypass Techniques
The malware evaded Microsoft Defender, the antivirus built into Windows, and so was able to run on victims' systems. Posing as a harmless NFT game, the application instead went after cryptocurrency wallets. Once installed, it silently harvested sensitive data and hijacked the victim's Google account by way of a malicious Chrome extension disguised as Google Keep. Strictly speaking the extension did not break Google's 2FA; it sidestepped it. An extension runs inside a browser in which the user has already completed the second-factor challenge, so its actions against the account are carried out from an authenticated session rather than through a fresh login that would demand a second factor. That is how a 2FA-protected account ends up controlled by the attacker without the 2FA mechanism itself being defeated.
In-depth Analysis and Detection Challenges
SafetyDetectives used Wireshark to capture the malware's network traffic and trace its behaviour. Microsoft Defender did not block the malware at installation or while it ran, leaving it free to take control of system functions, exfiltrate data, and even track the victim's location. Notably, the malware was built to deactivate when it found itself in Russia, Ukraine, or Belarus, a region check that hints at its possible origins. The rogue Chrome extension let the malware capture login credentials and quietly monitor user activity, and Defender raised no alert at any point.
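The practical check that follows from the extension angle is to audit what is actually installed in the browser. The script below is an added example, not code from SafetyDetectives or from the malware. It walks Chrome's on-disk extension store (assumed layout: `<profile>/Extensions/<extension id>/<version>_<n>/manifest.json`), parses each manifest, and flags extensions that request the kind of permissions a credential-hijacking extension needs: access to cookies, request interception, tab and history access, or host access to every site or to google.com. The permission list is a heuristic of mine, not a list taken from the report, and the two sample manifests (a look-alike "Google Keep" and a benign note-taking extension, with placeholder IDs) are constructed for the demo.

```python
"""Audit Chrome extensions for the permissions a credential-hijacking
extension would need. Added example; not code from SafetyDetectives or from
the malware. Assumes Chrome's on-disk layout
<profile>/Extensions/<extension id>/<version>_<n>/manifest.json.
"""
import json
import sys
import tempfile
from pathlib import Path

# Heuristic (assumption, not a list from the report): API permissions that let an
# extension read or act inside sessions the user has already authenticated.
HIGH_RISK_PERMISSIONS = {
    "cookies", "webRequest", "webRequestBlocking", "tabs", "history",
    "nativeMessaging", "debugger", "scripting", "webNavigation",
}
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def risk_report(manifest):
    """Return (risky_api_permissions, broad_or_google_hosts) for one manifest dict.

    Handles both manifest versions: MV2 mixes host patterns into "permissions",
    MV3 moves them to "host_permissions".
    """
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    risky = sorted(perms & HIGH_RISK_PERMISSIONS)
    broad = sorted(h for h in hosts if h in BROAD_HOST_PATTERNS or "google.com" in h)
    return risky, broad


def iter_manifests(extensions_dir):
    """Yield (extension_id, manifest_dict) for every readable manifest under the dir."""
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = manifest_path.parent.parent.name
        try:
            yield ext_id, json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than abort the audit


def audit(extensions_dir):
    """Return a finding dict for each extension that requests a flagged permission."""
    findings = []
    for ext_id, manifest in iter_manifests(extensions_dir):
        risky, broad = risk_report(manifest)
        if risky or broad:
            findings.append({
                "id": ext_id,
                "name": manifest.get("name", "?"),
                "version": manifest.get("version", "?"),
                "risky_permissions": risky,
                "broad_hosts": broad,
            })
    return findings


# Constructed sample manifests (not recovered from the real malware): a
# look-alike "Google Keep" extension with credential-theft permissions, and a
# benign MV3 note-taking extension for contrast. The IDs are placeholders.
SAMPLE_MANIFESTS = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "manifest_version": 2,
        "name": "Google Keep",
        "version": "1.0",
        "permissions": ["cookies", "webRequest", "webRequestBlocking", "tabs", "<all_urls>"],
        "background": {"scripts": ["bg.js"]},
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "manifest_version": 3,
        "name": "Plain Notes",
        "version": "2.3",
        "permissions": ["storage"],
        "host_permissions": [],
    },
}


def write_sample_profile(root):
    """Lay the constructed manifests out in Chrome's Extensions/<id>/<version>_0/ layout."""
    for ext_id, manifest in SAMPLE_MANIFESTS.items():
        ext_dir = Path(root) / ext_id / f"{manifest['version']}_0"
        ext_dir.mkdir(parents=True, exist_ok=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")


def demo():
    """Audit the constructed profile in a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_profile(tmp)
        return audit(tmp)


if __name__ == "__main__":
    # Pass a real Extensions directory to audit it; with no argument, run the demo.
    results = audit(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for f in results:
        print(f"{f['id']}  {f['name']} {f['version']}: "
              f"permissions={f['risky_permissions']} hosts={f['broad_hosts']}")
```

Run it with no arguments to see the demo flag only the "Google Keep" look-alike, or point it at a real profile (on Windows the default is `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`). A flagged extension is not proof of malice, since password managers and ad blockers legitimately need some of these permissions; the point is that an extension whose name claims to be a simple note-taking tool has no business asking for cookies and `<all_urls>`. Many real manifests carry a localized placeholder such as `__MSG_appName__` in the name field, in which case the display name has to be resolved from the extension's `_locales` directory.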
The Role of Alternative Security Software
The investigators also evaluated two other antivirus products, Bitdefender and Malwarebytes. Neither stopped the attack at every stage, but each intervened at a different phase: Malwarebytes blocked the malware at the installation step, while Bitdefender stepped in when the malware attempted to reach sensitive data. Each had its own strength: Malwarebytes acted earliest, preventing the installation outright, while Bitdefender produced fewer false positives, which makes it less intrusive in everyday use.