Users of Pixiv, DeviantArt, and other creator-oriented online platforms report receiving multiple messages from people claiming to be from the “Cyberpunk Ape Executives” NFT games project, with the primary goal of infecting artists’ devices with information-stealing malware. .
“Cyberpunk Ape Executives” is a limited collection of non-fungible tokens (NFTs) following the closed club approach that has brought similar companies astronomical fame and value.
As reported by Malwarebytes, threat actors are targeting artists with offers to work with the people behind the project and design a new set of characters to expand the collection with new NFTs, offering compensation of up to $350 per day.
The message sent to the artists is as follows:
“Hello! We appreciate your artwork! Cyberpunk Ape Executives is inviting 2D artists (online/independent) to collaborate on creating an NFT project. As a 2D artist, you will create amazing and lovable NFT characters. Your characters will become an important part of our NFT universe! Our candidate expectations: 1) Experience as a 2D artist 2) Character creation experience and examples 3) Photoshop skills.”
“Main tasks: 1) Character creation in our NFT style 2) Interaction with the art team leader in task settings, feedback. For more communication, please refer to the examples of our NFT works: [url removed] and submit a response (CV + examples of your work) for this position. Approximate pay per day = $200-$350. We make payments to Paypal, BTC, ETH, LTC.”
cyberpunk ape malware
The messages sent to the artists contain a link which, if clicked, leads to a MEGA download page from where the victim can download a password protected 4.1MB RAR file named ‘Cyberpunk Ape Exemples (pass 111).rar ‘ containing samples of Artwork from Cyberpunk Ape Executives.
This is supposed to help artists understand the style they should follow and create a false sense of legitimacy in the job offer.
Inside the archive, artists will find Cyberpunk Ape Executives NFT GIFs, and among them an executable file made to look like another GIF image, easily blending in with the rest of the collection.
This executable is a malware installer that will infect the device with an information-stealing Trojan with a good chance of bypassing AV detection based on current VirusTotal detections.
Information thieves typically target information stored in web browsers, such as account passwords, cryptocurrency wallets, credit cards, or even files on disk.
When threat actors get their hands on the credentials of a notable account with a large number of followers, they use them to promote the same scam to more users.
This could be even more dangerous for artists working with NFTs, as stealing victims’ wallets will allow threat actors to steal any cryptocurrency or NFTs stored in them.
Many creators report that bot accounts kept sending these messages every few minutes, while other artists say they received the message in Japanese.
How to stay safe
Job offers, especially lucrative ones, can be enticing to the point of tricking people into taking action right away, but you should never do that.
Instead, you should contact the project or company directly to confirm the email or check their Twitter accounts for more information.
Doing so would show that the Cyberpunk Ape Executives project warns users about this scam.
There is currently a scam with people pretending to work with us. This is not real. Don’t answer. Don’t click the link. Report people who are doing this on the platform they contact you on. #ApeExecutives pic.twitter.com/A60J3Tt1ks
– CYBERPUNK APE EXECUTIVES (PHASE ONE SOLD OUT) (@ApeExecutives) April 26, 2022
Before starting files downloaded from file sharing services like MEGA, always scan them with your antivirus program.
Even then, the malware files may not raise an alert on your AV, as this campaign demonstrates, so it would be a good idea to use MFA as a last line of defense on all your accounts.