Open Source Monday: How to Spot Malware in Your NFT

Like the internet and GPS that we use every day, VIA’s data privacy and security platform was first tested at scale by the U.S. Department of Defense.

A major U.S. intelligence agency has been actively testing the ability of VIA’s blockchain platform to detect potential cyber threats to data sources. 

We can’t disclose much that we did in detail. Actually, we can’t disclose anything in detail. After six months and well over 350 tests, there is one insight, however, that we feel is important to share publicly:

It’s ridiculously easy to inject malware into a file that can then be downloaded as an NFT!

As NFTs have exploded in popularity (23% of millennials in the U.S. collect them), adding malware to an NFT is an easy and fast way for malicious users to spread chaos.

So, today, VIA is making a malware check for NFTs code available for free, for anyone: Special thanks to the steganography open source community for their help to create this NFT vulnerability scanner.

This initial version on GitHub has three separate malware checks. There are instructions on how to submit a pull request for you to add your own additional malware checks. If you’re interested in using the code on your website, write to us at

Want to learn more about how hidden text and malware code can be easily transferred when not checked? Watch this 43 second video.

If you’re interested in making the NFT community safer, please share this blog with your networks!

Stay safe out there everyone!