09 Dec

A new wave of cyberattacks is targeting Web3 workers, with scammers employing sophisticated tactics to steal cryptocurrency and sensitive data.

According to Cado Security Labs, a malicious campaign leverages AI to generate convincing online personas and lure victims into downloading a tainted meeting app. This app, masquerading under various names like "Meeten," "Meetio," and "Clusee," contains the "Realst" info stealer.

How the Scam Works:

  • AI-Powered Deception: Scammers utilize AI to create realistic websites, social media profiles, and even company presentations, making their operations appear legitimate.
  • Social Engineering Tactics: Targets are contacted through platforms like Telegram, often by impersonating acquaintances or leveraging social engineering techniques to gain trust.
  • Malicious App Download: Victims are then enticed to download the "Meeten" app for virtual meetings.
  • Data Theft: Once installed, the "Realst" info stealer actively searches for sensitive information, including:
    • Telegram logins
    • Banking card details
    • Crypto wallet information (Ledger, Trezor, Binance)
    • Browser cookies and autofill credentials
  • JavaScript-Based Stealing: Even before malware installation, the fake websites employ JavaScript to steal crypto directly from web browsers.

Escalating Threat:

This campaign highlights the growing sophistication of cyberattacks. The use of AI to generate convincing content makes it increasingly difficult to identify and thwart these scams.

Not an Isolated Incident:

This isn't the first instance of such attacks.

  • In August, onchain sleuth ZachXBT uncovered a network of North Korean developers using fake identities to infiltrate cryptocurrency projects.
  • In September, the FBI issued a warning about North Korean hackers targeting crypto companies with malware disguised as employment offers.

Staying Safe:

  • Be Wary of Unverified Apps: Exercise extreme caution before downloading any apps from unverified sources.
  • Verify Contacts: Always independently verify the authenticity of any contact requesting you to download software.
  • Strong Passwords and 2FA: Implement strong, unique passwords for all online accounts and enable two-factor authentication wherever possible.
  • Regular Security Audits: Conduct regular security audits of your devices and online accounts to detect and mitigate potential threats.

This ongoing threat underscores the importance of vigilance and robust security measures in the evolving Web3 landscape.

December 2024, Cryptoniteuae
