#Ferrari Hijacked- Hackers Hijacked Official Ferrari Subdomain to Host NFT Scam

-

 

On May 5, 2022, reports emerged that the official website of Italian luxury car maker Ferrari was hacked to promote a fake NFT collection. Interestingly, the company recently announced the launch of its official NFT collection, and hackers may have taken advantage of this news. The fake NFT collection was presented as an official collection aimed at potential buyers.

Details of the NFT Scam

White hat hacker Sam Curry claims that the attacker hijacked the forms.ferrari.com subdomain  of the company's official website and hosted an NFT scam titled "Mint Your Ferrari." Ethical hackers and bug bounty hunters have also posted screenshots of  hijacked websites on Twitter.

The attackers reportedly seduced visitors to buy NFT tokens, claiming to be Ferrari's official 4458hp NFT series launched by the company  on the Ethereum network. 

 In December 2021, Screen Rant reported that the Ferrari collection will be launched in partnership with a technology company called Velas. Fraudsters have sold fake NFT collections as  an immediate gateway to the larger Ferrari Metaverse, as well as being comparable to owning a Ferrari in the digital space.

How Attackers Hijacked the Subdomain?

Further investigation revealed that fraudsters exploited a flaw in  Adobe Experience Manager on Ferrari's official website  to hijack its subdomain and host  encrypted NFT fraudulent content. 

 "If you take a closer look, it looks like it was an exploit in Adobe Experience Manager. With a little flirtation, you can  find the rest of the unhacked site," Curry explained. It seems that 

 scammers were unable to raise large sums of money from the victims. Hacked websites have also reportedly requested users to connect to their MetaMask wallet. Since Ferrari recently announced plans to debut the official Metaverse, the scam has seemed legitimate to unprotected users.  However,  as  Twitter user Rebcesp pointed out, 

 scammers earned about $ 800 and NFT scammers Ethereum Wallet claimed to have received $ 884. The loss was small as the scam was quickly discovered and the subdomain  shut down. 

 At the time of publishing this article, the compromised subdomain was displaying the error code HTTP403 error code. Only one person  who sent 0.3 ETH or about $ 800 seems to have been scammed. The funds were sent to Tornado Cash by a scammer.

Comments

Post a Comment

Popular posts from this blog

#$1.5M phishing scam

-
Image
  The US Department of Justice has convicted a Nigerian national of participating in a business email compromise (BEC) scam worth $1.5 million. The Feds say Ebuka Raphael Umeti, 35, perpetuated the scam with two alleged partners in crime, using a combination of social engineering and malicious software to pull off the million-dollar BEC scheme. A BEC fraud involves phishing emails and deception to get businesses and organizations to send money or valuable data to attackers, usually over email. According to the DoJ, Umeti got involved in BEC scams as early as February 2016, when one of his alleged co-conspirators, fellow Nigerian national Franklin Ifeanyichukwu Okwonna, is said to have sent Umeti a phishing email template. The collaborators started to see success in 2018, siphoning $571,000 from a New York wholesaler and $400,000 from a Texan metal supplier. In the following years, the scammers started domain spoofing, signed up for VoIP numbers, and communicated over the gaming-focused
Read more

#Microsoft's AI boss thinks it’s perfectly OK to steal content if it's on the open web

-
Image
  Microsoft AI boss Mustafa Suleyman incorrectly believes that the moment you publish anything on the open web, it becomes “freeware” that anyone can freely copy and use. When CNBC’s Andrew Ross Sorkin asked him whether “AI companies have effectively stolen the world’s IP,” he said: I think that with respect to content that’s already on the open web, the social contract of that content since the ‘90s has been that it is fair use. Anyone can copy it, recreate with it, reproduce with it. That has been “freeware,” if you like, that’s been the understanding. Microsoft is currently the target of multiple lawsuits alleging that it — and OpenAI — are stealing copyrighted online stories to train generative AI models, so it may not surprise you to hear a Microsoft exec defend it as perfectly legal. I just didn’t expect him to be so very publicly and obviously wrong! I am not a lawyer, but even I can tell you that the
Read more

#This man used Fake Wi-Fi Scam on Domestic Flights

-
Image
  An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them," the Australian Federal Police (AFP) said in a press release last week. The agency said the suspect was charged in May 2024 after it launched an investigation a month earlier following a report from an airline about a suspicious Wi-Fi network identified by its employees during a domestic flight. A subsequent search of his baggage on April 19 led to the seizure of a portable wireless access device, a laptop, and a mobile phone. He was arrested on May 8 after a search warrant was executed at his home. The individual is said to have staged what's called an evil twin
Read more