Overview
- The campaign replicates an official Eternl Desktop announcement and dangles NIGHT and ATMA rewards tied to the Diffusion Staking Basket to boost credibility.
- Recipients are redirected to download.eternldesktop.network to retrieve a 23.3 MB Eternl.msi that lacks a valid digital signature.
- Execution drops an executable named unattended-updater.exe (originally GoToResolveUnattendedUpdater.exe), creates Program Files directories, and writes configs such as unattended.json that enable unattended access.
- Network analysis shows connections to GoTo Resolve infrastructure, including devices-iot.console.gotoresolve.com and dumpster.console.gotoresolve.com, with data sent using hardcoded API credentials.
- Security advisories published Jan. 3 recommend downloading wallet software only from official channels and treating unexpected reward-themed emails as phishing attempts.
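
The indicators listed above can be combined into a per-host triage check. This is an added example, not part of the original advisory. It assumes Sysmon events (IDs 1, 11 and 22) exported as flattened JSON lines with a Computer field, and it uses constructed sample events with a placeholder install directory. GoTo Resolve traffic on its own is marked for review only, on the assumption that the tool may be in sanctioned use.

```python
import json
from collections import defaultdict

# Indicators named in the overview above.
LURE_DOMAIN = "download.eternldesktop.network"
RMM_HOSTS = {"devices-iot.console.gotoresolve.com", "dumpster.console.gotoresolve.com"}
DROPPED_NAME = "unattended-updater.exe"
ORIGINAL_NAME = "GoToResolveUnattendedUpdater.exe"
CONFIG_NAME = "unattended.json"

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return a finding label for one flattened Sysmon event, or None."""
    eid = event.get("EventID")
    if eid == 22:  # DNS query
        name = event.get("QueryName", "").lower().rstrip(".")
        if name == LURE_DOMAIN:
            return "lure_domain"
        if name in RMM_HOSTS:
            return "rmm_traffic"
    elif eid == 1:  # process creation: file name differs from PE OriginalFileName
        renamed = event.get("OriginalFileName", "").lower() == ORIGINAL_NAME.lower()
        if renamed and basename(event.get("Image", "")) == DROPPED_NAME:
            return "renamed_rmm_binary"
    elif eid == 11:  # file creation
        target = event.get("TargetFilename", "").lower()
        if basename(target) == CONFIG_NAME and "\\program files" in target:
            return "unattended_config"
    return None

def triage(lines):
    """Group findings per host; RMM traffic alone yields 'review', not 'alert'."""
    findings = defaultdict(set)
    for line in lines:
        event = json.loads(line)
        label = classify(event)
        if label:
            findings[event["Computer"]].add(label)
    return {host: ("alert" if labels - {"rmm_traffic"} else "review", sorted(labels))
            for host, labels in findings.items()}

# Constructed sample events; PLACEHOLDER is not a path from the campaign.
D = "C:\\Program Files\\PLACEHOLDER\\"
SAMPLE = [json.dumps(e) for e in (
    {"EventID": 22, "Computer": "ws-01", "QueryName": LURE_DOMAIN},
    {"EventID": 1, "Computer": "ws-01", "Image": D + DROPPED_NAME, "OriginalFileName": ORIGINAL_NAME},
    {"EventID": 11, "Computer": "ws-01", "TargetFilename": D + CONFIG_NAME},
    {"EventID": 22, "Computer": "ws-01", "QueryName": "dumpster.console.gotoresolve.com"},
    {"EventID": 22, "Computer": "ws-02", "QueryName": "devices-iot.console.gotoresolve.com"},
    {"EventID": 22, "Computer": "ws-03", "QueryName": "example.com"},
)]
```

Calling triage(SAMPLE) returns one entry per host with a verdict and the sorted list of matched indicators.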