Cardano Users Targeted: Sophisticated Phishing Scam Deploys Fake Wallet Malware in 2026

Published: 2026-01-03 15:59:38

New Cardano Phishing Scam Uses Fake Wallet to Spread Malware

Another day, another crypto scam—but this one's got teeth. A new, highly sophisticated phishing operation is specifically targeting the Cardano ecosystem, deploying fake wallet applications designed to look legitimate while quietly siphoning user credentials and funds.

The Bait and Switch

The scam doesn't rely on clumsy emails. Instead, it plants fake wallet apps—mimicking popular Cardano interfaces—across third-party download sites and forums. Unsuspecting users who download and enter their seed phrases find their wallets drained within moments. The malware often runs silently in the background, logging keystrokes and monitoring clipboard activity for cryptocurrency addresses.

Why Cardano? Why Now?

Security analysts point to Cardano's growing smart contract activity and developer ecosystem as a magnet for bad actors looking for a fresh hunting ground. As institutional interest creeps in, the pool of valuable targets gets deeper. It's the classic finance story: where money flows, parasites follow.

The Only Defense is You

Official wallet teams have issued stark warnings: only download software from verified, official sources. Double-check URLs, enable all available security features like multi-signature transactions, and treat unsolicited download links with extreme prejudice. In crypto, your paranoia is your best asset.

This latest scheme is a stark reminder that in the high-stakes digital gold rush, the tools for stealing are evolving just as fast as the tools for building. Stay skeptical, stay secure, and maybe keep that cold wallet a little colder.

TLDR

  • Hackers are targeting Cardano users by impersonating the Eternl Desktop wallet team through phishing emails.
  • The phishing emails promote a fake wallet download that claims to offer crypto rewards like NIGHT and ATMA tokens.
  • Victims are redirected to a newly registered domain that delivers a malicious MSI installer package.
  • The installer secretly includes a remote access tool called LogMeIn Resolve, which enables full system control.
  • Once installed, the malware creates system directories and configuration files that allow remote access without user permission.

Cardano users face a new security threat: cybercriminals are impersonating the Eternl Desktop wallet team and distributing malware via phishing emails. The emails create urgency with fake crypto rewards, and a fake installer package deploys remote access tools to gain full system control.

Fake Eternl Wallet Website Spreads Malware Through Polished Emails

Attackers are impersonating the Eternl team by sending emails promoting a fake desktop wallet. These messages claim to support Cardano staking and governance.

The emails highlight false benefits, such as NIGHT and ATMA token rewards, to attract attention and encourage clicks. Users are redirected to a malicious domain: download(dot)eternldesktop(dot)network.

According to threat researcher Anurag, the attackers copied the original Eternl Desktop announcement. They added fake features such as local key management and hardware wallet compatibility.

Each email uses professional language without spelling mistakes, making the scam appear genuine. The emails include a fake download link to a harmful MSI installer.

Once installed, the file deploys malware designed to allow hackers remote access. The file bypasses standard verification and lacks digital signature validation.

Malicious Installer Contains Hidden Remote Access Tool

The installer, named Eternl.msi, has a file hash of 8fa4844e40669c1cb417d7cf923bf3e0. It contains a bundled LogMeIn Resolve tool.

When executed, it drops an executable titled unattended updater.exe. The original filename is GoToResolveUnattendedUpdater.exe.

The executable builds a folder structure in Program Files. It then writes multiple configuration files, such as unattended.json and pc.json.

The unattended.json file activates remote access without the user’s consent. It enables full system control without requiring interaction.

Network analysis confirms the executable connects to known GoTo Resolve domains. These include devices-iot.console.gotoresolve.com and dumpster.console.gotoresolve.com.

The malware sends system data in JSON format. It establishes a remote connection to accept hacker commands.
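The indicators above can be correlated per host rather than matched one by one, since the GoTo Resolve domains are also contacted by legitimate installs. The following is an added example, not code from the article or the researcher: the event schema, host names and verdict labels are assumptions, and the hash is treated as MD5 because it is 32 hex digits long.

```python
from collections import defaultdict

# Indicators quoted in the article; the domain is re-fanged from its (dot) form.
LURE_DOMAIN = "download(dot)eternldesktop(dot)network".replace("(dot)", ".")
INSTALLER_HASH = "8fa4844e40669c1cb417d7cf923bf3e0"  # 32 hex digits: assumed MD5
DROPPED_EXES = {"unattended updater.exe", "gotoresolveunattendedupdater.exe"}
# GoTo Resolve hosts also serve legitimate installs, so alone they are a weak signal.
RMM_DOMAINS = {"devices-iot.console.gotoresolve.com", "dumpster.console.gotoresolve.com"}

def classify(event):
    """Return the indicator class an event matches, or None."""
    value = event["value"].lower()
    if event["kind"] == "dns":
        if value == LURE_DOMAIN or value.endswith("." + LURE_DOMAIN):
            return "lure"
        if value in RMM_DOMAINS:
            return "rmm"
    elif event["kind"] == "file":
        name = value.replace("/", "\\").rsplit("\\", 1)[-1]
        if event.get("hash", "").lower() == INSTALLER_HASH or name in DROPPED_EXES:
            return "installer"
    return None

def triage(events):
    """Map each host with a hit to a verdict based on which classes co-occur."""
    hits = defaultdict(set)
    for ev in events:
        if cls := classify(ev):
            hits[ev["host"]].add(cls)
    verdicts = {}
    for host, seen in hits.items():
        # Installer artifacts outrank network-only hits; an RMM check-in suggests it ran.
        if "installer" in seen:
            verdicts[host] = "remote-access-active" if "rmm" in seen else "installer-present"
        else:
            verdicts[host] = "lure-visited" if "lure" in seen else "rmm-only"
    return verdicts

# Constructed telemetry for illustration; host names and the event schema are hypothetical.
SAMPLE = [
    {"host": "ws-01", "kind": "file", "value": "Eternl.msi", "hash": INSTALLER_HASH},
    {"host": "ws-01", "kind": "dns", "value": "dumpster.console.gotoresolve.com"},
    {"host": "ws-02", "kind": "dns", "value": "devices-iot.console.gotoresolve.com"},
    {"host": "ws-03", "kind": "dns", "value": LURE_DOMAIN.upper()},
]

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(host, verdict)
```

A host flagged `rmm-only` needs a check against the organisation's list of sanctioned remote-support tools before it is escalated.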

Fake Crypto Campaign Mimics Past Meta Ad Scam

This Cardano phishing attack mirrors an earlier scam targeting Meta business users. Victims received emails about ad account violations.

The attackers claimed the accounts were suspended due to EU regulation breaches. They used Instagram branding and official language.

Clicking the link took users to a fake Meta Business page. The page warned of account termination if no action was taken.

Users were prompted to input credentials. A fake support chat walked them through restoring their accounts.

Researchers urge users to verify wallet downloads from trusted sources only. Newly registered domains pose a high risk.

Security experts warn that even polished emails can contain hidden threats. Official websites remain the safest option for wallet software.
