Skip to Content
Don't open this Excel doc claiming to offer NFT advice. It's hiding malware.
© Dimarik16 |
Security & privacy

Don’t let curiosity about NFTs allow hackers to hijack your computer

This is NFA, but when you see 1:1 generative art that’s freshly minted at the start of a new SZN, you need to DYOR before you move liquidity. Otherwise, you’re NGMI and possibly lose much more than 5ETH and a few NFTs.

Don’t worry. You didn’t suddenly lose the ability to read or comprehend. But unfortunately, the world of non-fungible tokens (NFTs) is jargon-filled and complex, which can easily confuse those curious about the technology. Tap or click here for everything you need to know about NFTs.

And it’s this unfamiliarity with NFTs that hackers and scammers are now taking advantage of to install malware on your devices. Read to see how hackers are targeting art lovers with malicious code.

Here’s the backstory

NFTs are an intricate concept. Essentially, it is something (a JPG file, digital art or music) irreplaceable and one-of-a-kind. Creators put an item up for sale (called minting). When users buy it (often with the cryptocurrency), they own it. Think of it as buying an original, digital version of real-life art.

Creations have different values, depending on the demand and who created it. Anyone interested in NFTs might look for a hot tip or score a bargain to resell. And that is where criminals often show up, waiting to make some money of their own.

Fortinet found an Excel document online claiming to contain details about NFTs. But after analyzing the spreadsheet, they realized that it had malware embedded that could steal personal information.

NFTs scam Excel file
Credit: Fortinet

The file contains a macro, an executable action in many Excel documents. But instead of giving a heads-up to new NFTs, it downloads and installs BitRAT malware in the background. This malware then attempts to download a data file with a JPG extension, making it seem like an image or photo.

According to Fortinet, “BitRAT can bypass User Account Control and Windows Defender. In addition, this variant can also monitor the screen and, if present, utilize the webcam.”

Once the malware installs, it can also:

  • Steal credentials from browsers and applications
  • Mine Monero cryptocurrency
  • Log keystrokes
  • Upload and download additional files
  • Listen live through a microphone

What you can do about it

Like most things online, never open a link or download an attachment if you don’t know or trust the source. Take extreme caution when you receive a file through an unsolicited message that claims to have valuable information on digital products or services.

Here are some more tips to stay safe:

  • You should never download Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
  • The chatting application Discord is used more often now to host malicious content. If you receive a link redirecting to Discord, use extreme caution before downloading anything.
  • Make sure you’re using strong antivirus software on all of your gadgets. And keep them up-to-date for the best protection. This is the best way to keep your device from being infected with malware. We recommend our sponsor, TotalAV. Right now, get an annual plan of TotalAV Internet Security for only $19 at That’s over 85% off the regular price.

Keep reading

Tech Refresh: Windows woes, NFT craze, Clubhouse copycat app

10 cryptocurrency terms people use every day that you need to know, too

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started