Web3 security analyst Serpent said on Twitter that a form of attack that disguised malicious files that steal NFTs from wallets as PDF files has been discovered, and the artist whose Twitter ID is @RabbitinM has suffered losses.
The attacker disguises the screen saver (.scr) file (an executable script) as a PDF file. When the recipient opens the PDF file, all NFTs in the wallet will be sold by pending orders and the proceeds will be transferred to the attacker’s wallet.
Attackers add .pdf to the end of the file to disguise it as a PDF file. Serpent reminds users not to open the file at will, and can view it on Google Drive or use a virtual machine to prevent it from being attacked.