A phishing campaign targeting Cardano (ADA) users has been circulating since late December, distributing malware disguised as the Eternl wallet’s desktop application. The fraudulent messages reference legitimate Cardano ecosystem terms including NIGHT and ATMA token rewards through the Diffusion Staking Basket program. Attackers use the unverified domain download.eternldesktop.network to distribute the malicious installer. Independent threat hunter Anurag analyzed the 23.3-megabyte Eternl.msi file and discovered it contains LogMeIn GoTo Resolve remote management software.
The installer drops an executable called unattended-updater.exe that creates configuration files enabling remote access without user interaction. The malware establishes connections to legitimate GoTo Resolve infrastructure, allowing attackers to execute commands and monitor victim systems. Network analysis showed the software sends information to attackers in JSON format through remote servers. No digital signature or checksum verification accompanies the installer, preventing users from validating authenticity before installation.
Security researchers have identified a phishing campaign aimed at Cardano (ADA) users that distributes malware masquerading as the Eternl desktop wallet installer. The messages are crafted to resemble official communications and reference Cardano terms such as NIGHT and ATMA rewards through the Diffusion Staking Basket program. Attackers route the installer through an unverified domain, download.eternldesktop.network, to entice victims into installation. Analysis of the 23.3 MB Eternl.msi shows it bundles LogMeIn GoTo Resolve remote management software.
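One way to hunt for the dropped `unattended-updater.exe` described above in endpoint process-creation telemetry, as an added example that is not code from the original analysis: it links the updater's appearance to a recent MSI installed from a user-writable folder and skips hosts where remote management is expected. The event field names, install path, host names, timestamps and the 10-minute window are assumptions constructed for illustration.

```python
import ntpath
import re
from datetime import datetime, timedelta

DROPPED_NAME = "unattended-updater.exe"  # file name reported on the page
USER_PATH = re.compile(r"\\(downloads|desktop|appdata\\local\\temp)\\", re.I)
MSI_ARG = re.compile(r'([a-z]:\\[^"]+?\.msi)', re.I)
WINDOW = timedelta(minutes=10)           # assumed correlation window

# Constructed process-creation events; field names and paths are hypothetical.
EVENTS = [
    {"ts": "2000-01-05T10:01:00", "host": "WS-017",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r'msiexec.exe /i "C:\Users\alice\Downloads\Eternl.msi"'},
    {"ts": "2000-01-05T10:01:40", "host": "WS-017",
     "image": r"C:\Program Files (x86)\Example\unattended-updater.exe",
     "cmdline": "unattended-updater.exe"},
    {"ts": "2000-01-05T11:00:00", "host": "HELPDESK-02",
     "image": r"C:\Program Files (x86)\Example\unattended-updater.exe",
     "cmdline": "unattended-updater.exe"},
    {"ts": "2000-01-05T12:00:00", "host": "WS-030",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r'msiexec.exe /i "C:\Users\bob\Downloads\viewer.msi"'},
]

def find_unsanctioned_rmm(events, sanctioned_hosts=frozenset()):
    """Flag the dropped updater on hosts where remote management is not
    expected, and attach the user-launched MSI that preceded it, if any."""
    installs = {}   # host -> [(install time, msi path)]
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        when = datetime.fromisoformat(ev["ts"])
        name = ntpath.basename(ev["image"]).lower()
        if name == "msiexec.exe":
            m = MSI_ARG.search(ev["cmdline"])
            if m and USER_PATH.search(m.group(1)):
                installs.setdefault(ev["host"], []).append((when, m.group(1)))
        elif name == DROPPED_NAME and ev["host"] not in sanctioned_hosts:
            recent = [p for t, p in installs.get(ev["host"], []) if when - t <= WINDOW]
            findings.append({"host": ev["host"], "ts": ev["ts"],
                             "msi": recent[-1] if recent else None,
                             "severity": "high" if recent else "review"})
    return findings
```

A "high" finding means the updater started shortly after a user ran an MSI from a download or temp folder; "review" means the updater appeared on an unsanctioned host with no matching install in the window.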











