- Cybercriminals utilize fake meeting apps to target Web3 professionals.
- Real virus grabs crypto and sensitive data from compromised machines.
The cybersecurity guys are sounding the urgency alarm over a new scam targeting Web3 professionals, which uses fake video conferencing applications to spread an extremely potent data thief known as Realst. Like many insidious apps masquerading as trustworthy business-meeting platforms, these apps are designed to steal sensitive information, including the intricate details of cryptocurrency wallets.
And according to security experts at Cado Security Labs, the scam uses deceptive tactics, including impersonation on messaging platforms like Telegram, to trick users into downloading the malicious app.
This Meeten scam is using AI-posed fake companies to some extent to add some layer of legitimacy to the entire scam. These attackers are coming to the victims via Telegram. They present a false investment proposal and invite them for a video call. Then, the sites redirect users to platforms hosting suspicious applications like Clusee, Cuesee, Meeten, Meetone, and Meetio. Once users download these applications, they begin stealing information such as cryptocurrency wallet addresses, banking data, and Telegram login credentials.
How Meeten Works and Impacts Users
Once installed on macOS or Windows, the malware started extracting data from the victim’s computer. On macOS, the malware displays a message indicating that the application is not supported by the user’s operating system and prompts for an admin password to run properly. The Atomic macOS Stealer and Cuckoo Stealer families also use this technique with osascript.
The malware employs its installer carrying what looks like a stolen legitimate signature of Brys Software Ltd., for it to run a Rust-based binary sourced over the internet. Security researchers warn that cybercriminals tend to increase their reliance upon AI tools to generate valid-looking scam websites. Of course, it is making identification of the malicious site very complex and making detection more difficult.
This scam, like earlier campaigns, includes the March discovery of meethub[.]gg targeting crypto users with fake meeting applications. June also saw the discovery of an operation known as markopolo, targeting crypto enthusiasts through fake virtual meeting software for stealing digital assets.
Increased usage of fake video apps that spread malware reveals an increased threat to the Web3 system. Users should be extra cautious in downloading applications, especially when attending online meetings from unknown firms or investment opportunities.
