Communication metaverse The Sandbox (SAND) has just reported a security incident where an employee’s computer was illegally accessed and sent multiple emails posing as organization.
On the afternoon of March 2, The Sandbox broadcast a notice that an employee’s computer was illegally accessed. The attacker then used The Sandbox’s official email account to send out a series of emails containing malware links.
SandBox is aware that an unauthorized third party had gained access to the computer of an employee. This enabled the third party to access a number of email addresses to which it then sent an email falsely claims to be from The Sandbox. The email included hyperlinks to malware… https://t.co/eqsv5Cvsgr
— Wu Blockchain (@WuBlockchain) March 2, 2023
The email has a title that roughly translates to “Sandbox Game Access (PURELAND).” If the recipient clicks on the link, malware will be installed on the machine, granting the hacker remote control of the machine and stealing important user data.
The incident happened on February 26. After discovering the problem, The Sandbox immediately contacted the recipients of the fake email and warned to never click on the link. At the same time, the company also blocked all accounts that had access to corporate email, along with resetting passwords with 2-step authentication.
After investigating, the company determined that hackers had taken control of an employee’s computer through a malicious application. Only one machine is affected. Additionally, the hacker had no access to The Sandbox’s other services and accounts.
As of the time of posting, the metaverse platform has not reported any impact from the above incident. However, we are still monitoring the situation as well as strengthening related security policies.
For those who receive the email, the project recommends protection measures such as: changing strong passwords for 2-step authentication; install anti-virus software to detect malware as soon as possible; Get help from a tech expert if you feel unsafe.