Popular NFT marketplace Rarible targeted by scammers and malware

​Nothing attracts a scammer more than money, and with the NFT craze generating a ton of sales, threat actors are trying to capitalize on it.

An NFT, or Non-Fungible Token, is data stored on a cryptocurrency blockchain that a digital certificate has signed to prove that it is unique and cannot be copied.

Over the past year, NFTs have reached mainstream attention as artists sell their digital art for cryptocurrency at popular websites such as Rarible and OpenSea.

Just recently, an artist known as Beeple sold an NFT digital picture for over $60 million in Christie's auction.

Threat actors target Rarible's popularity

A report by cybersecurity and fraud protection company Bolster shows how threat actors use typosquatting domain names that impersonate the popular Rarible.com site but lead them to scams, malware, and other unwanted content.

"Typosquatting domains: Typosquatting domains are lookalike domains targeting a brand. They look very similar to the brand's legitimate domain and are hard to tell apart."

"For example, rarible[.]com is the legitimate website of the famous NFT marketplace Rarible. rarbile[.]com is a typosquatting domain targeting Rarible," explains Bolster in their report.

Search engines, for the most part, do a good job burying these typosquatted domains from search results. However, it is common for scammers to use WhatsApp and Telegram messages, social media posts, direct messages on social media, or even advertisements to spread the typosquatted domain.

For example, Bolster discovered a domain wwwrarible[.]com that is missing the period [.] between the www and rarible. When visitors click on this domain's URLs by mistake, they are redirected to a website pushing a fake Firefox update on visitors.

One of the extensions it redirected to yesterday injects advertisements in sites you visit and tracks your activity online.

Other domains discovered by Bolster include rarbile[.]com, rareble[.]com, and rareible[.]com, which all redirect visitors to various scams.

These scams include spin-the-wheel games, fake dating sites designed to collect your info, affiliate tech support scams, or sites pushing adware bundles.

One of the adware bundles fittingly installed a cryptocurrency miner on our test machine, but we have been unable to replicate this in future visits to the site.

We tested similar adware bundles in the past that installed password-stealing Trojans that would harvest credentials saved in your browser and transmit them to a remote site.

Bolster expects scammers to continue targeting the NFT frenzy by creating fake NFT stores that steal buyers' cryptocurrency, counterfeit NFTs or artist impersonation, and fake giveaways.

If you are interested in NFTs, it is becoming increasingly important to pay close attention to links you click on and perform due diligence on any digital media you plan to purchase.

With NFTs and cryptocurrency in general, there are no returns if you send money to the wrong person