Sandbox blockchain game breached to send emails linking to malware

The Sandbox blockchain game is warnings its community that a security incident caused some users to receive fraudulent emails impersonating the game, trying to infect them with malware.

The Sandbox is a blockchain-based open-world multiplayer game with over 350,000 active monthly users, offering them ways to build, own, and monetize interactive content like virtual worlds, items, and experiences.

The game's metaverse offers players multiple ways to make money, like creating pixel art NFTs that can be sold on The Sandbox NFT Marketplace or OpenSea or earning its own native "SAND" token that can be traded on Binance and Coinbase.

According to the February 26th security incident notice, an attacker hacked an employee of The Sandbox to gain access to several email addresses belonging to the company.

Next, the attacker leveraged this access to send emails to users that appeared to come from The Sandbox, containing links to malware hosted at another site.

"This email, titled "The Sandbox Game (PURELAND) Access" included hyperlinks to malware that may have the ability to remotely install malware on a user's computer granting it control over the machine and access to the user's personal information." - The Sandbox.

The firm says the intruder was limited to that single employee's computer, and they never gained access to any other services or accounts.

Hence, the impact of the incident for each user depends on whether or not the recipients of the emails clicked on the hyperlinks and installed malware on their computers.

The game publisher says that upon discovering the breach, it quickly identified recipients of the malicious email and sent follow-up messages warning them not to open or download anything from the external website.

Meanwhile, the compromised account was blocked from The Sandbox network, all employee passwords were reset, and two-factor authentication was enforced on all accounts.

The Sandbox advises its users to do the following:

Enable two-factor authentication to better protect their accounts and use long, unique passwords. Avoid clicking on hyperlinks contained in email messages. Keep an antivirus up to date and running on their systems. Consider formatting their computer if they suspect they have been infected with malware.

As the threat actor now has a list of Sandbox users, all emails from the game should be inspected to ensure that links only go to the legitimate website located at https://sandbox.game.