A sophisticated phishing campaign targeting Cardano users is spreading by masquerading as the Eternl Desktop wallet, prompting victims to download and install a malicious MSI containing remote-control tools. Attackers are using an official tone and referencing NIGHT and ATMA token incentives, distributing the unsigned installer from the domain download.eternldesktop.network. Security researchers have found that the installed file embeds a LogMeIn Resolve component, enabling remote command execution and persistent control over compromised systems. Users are advised to obtain wallet software only through official channels.
A sophisticated phishing campaign targets Cardano users by masquerading as the Eternl Desktop wallet, urging victims to download and install a malicious MSI file. The installer contains remote-control components that can execute commands and grant persistent access to attackers. The operators use an official tone and reference token incentives such as NIGHT and ATMA, distributing the unsigned installer from download.eternldesktop.network. Security researchers have found that the payload includes a LogMeIn Resolve component, enabling remote command execution and long-term control over compromised systems.
Leave a Reply