Cybersecurity researchers at Cado Security have found a new scam campaign targeted at Web3 workers.
The threat actors behind the scam use a fake video conferencing app called “Meeten” to deliver malware to people working in Web3 under the guise of business meetings.
According to Cado Security, the company regularly changes names: it has also gone by Clusee[.]com, Cuesee, Meeten[.]gg, Meeten[.]us and Meetone[.]gg, and is currently going by the name Meetio.
How the attack occurs
According to Cado Security researcher Tara Gould, “The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy. The company reaches out to targets to set up a video call, prompting the user to download the meeting application from the website, which is Realst infostealer.”
The fake company contacts targets to arrange a video call, then prompts the user to download the meeting application from its website; that download is the Realst infostealer.
Users who end up on the site are prompted to download a Windows or macOS version depending on the operating system used. Once installed and launched on macOS, users are greeted with a message that claims “The current version of the app is not fully compatible with your version of macOS” and that they need to enter their system password for the app to work as expected.
The end goal of the attack is to steal various kinds of sensitive data, such as cryptocurrency wallets, banking card details, keychain credentials, Ledger wallets, Trezor wallets, Telegram credentials, and browser cookies, and later export them to a remote server.
Preventive measures
Cado Security urges users to exercise caution when being approached about business opportunities, especially through Telegram. Even if the contact appears to be an existing contact, it is important to verify the account and always be diligent when opening links.
Source: Cado Security