Web3 Workers Targeted by Malware Campaign Using Fake Meeting Apps: Cado Security Labs

According to cybersecurity firm Cado Security Labs, Web3 professionals are the latest victims of a sophisticated malware campaign that employs fake meeting apps to steal sensitive credentials and crypto assets.

In a report released on December 6, Cado’s threat research lead, Tara Gould, detailed how scammers are leveraging artificial intelligence (AI) to craft convincing websites and social media profiles that mimic legitimate companies.

The malicious app, initially called “Meeten,” has undergone several rebrands, now operating as “Meetio” and previously using domains such as Clusee.com, Cuesee, Meeten.gg, and Meetone.gg.

Malicious App Deploys Information Stealer Once Downloaded

Once downloaded, the app deploys a Realst information stealer to extract sensitive data, including Telegram logins, banking information, and cryptocurrency wallet credentials.

The malware also targets browser cookies, autofill data from applications like Google Chrome and Microsoft Edge, and information from crypto wallets such as Ledger, Trezor, and Binance Wallet.

The attackers employ a combination of social engineering and spoofing tactics. Gould highlighted a case where a victim was approached on Telegram by someone impersonating a known contact.

The scammer shared an investment presentation from the victim’s company. Other reports include incidents where individuals participated in Web3-related calls, downloaded the fraudulent software, and subsequently lost cryptocurrency holdings.

To bolster their credibility, the scammers utilize AI to generate blogs, product descriptions, and social media content for their fake company websites.

These websites, often hosted on platforms like X (formerly Twitter) and Medium, add an air of legitimacy to the campaign, making it harder for users to detect malicious intent.

“While much of the recent focus has been on the potential of AI to create malware, threat actors are increasingly using AI to generate content for their campaigns,” Gould said.

“Using AI enables threat actors to quickly create realistic website content that adds legitimacy to their scams and makes it more difficult to detect suspicious websites.” 

Fake Websites Include Code Capable of Stealing Crypto

In some cases, the fake websites include JavaScript code that is capable of stealing crypto directly from web browsers before any malware is installed.

Both macOS and Windows versions of the malware have been identified, and the campaign has reportedly been active for around four months.

Similar schemes have surfaced recently. In August, on-chain investigator ZackXBT identified 21 developers, likely linked to North Korea, using fake identities to infiltrate crypto projects.

Additionally, in September, the FBI warned of North Korean hackers targeting crypto firms and decentralized finance (DeFi) projects with malware disguised as job offers.

Last week, Japanese cryptocurrency exchange DMM Bitcoin announced its closure following a massive security breach in May that resulted in over $300 million in losses.

The exchange confirmed that its assets will be acquired by SBI VC Trade, the crypto arm of Japan’s SBI Group, as part of a planned transition.

The post Web3 Workers Targeted by Malware Campaign Using Fake Meeting Apps: Cado Security Labs appeared first on 99Bitcoins.
