Cado Security Labs reveals a sophisticated phishing campaign targeting Web3 professionals. The campaign is based on fake meeting applications and aims to steal sensitive information.
According to the security report, attackers use artificial intelligence to populate websites, blogs, and even social media profiles for fictitious companies. They lure victims into installing malware-laden apps that purport to be legitimate tools.
The malware, the Realst info stealer, runs on Windows and macOS machines. It steals credentials, financial information, and crypto wallet details from compromised devices.
The attackers sometimes set up companies under names like ‘Meeten’ and ‘Meetio,’ often rebranding and cycling through domains such as ‘Clusee.com’ and ‘Meeten.us’ to try to stay off the radar.
The New Face of Crypto Scams
The attackers use AI to produce good-looking websites full of blog posts, product details, and social media accounts that appear just like their real-life counterparts. This careful setup makes it increasingly difficult for victims to tell the authentic from the malicious.
Most of the time, scammers contact people through direct messages on platforms like Telegram. Often, they impersonate people the victims know, having stolen their details to appear trustworthy.
In one example, a company presented an investment pitch to a victim; the company had stolen and altered that presentation to give its scheme the air of credibility it needed.
Once trust is established, the victim is directed to download the meeting app from the professional-looking website. The software contains Realst, the info stealer, which harvests sensitive data immediately upon installation.
The fraudulent websites also use malicious JavaScript to intercept cryptocurrency stored in web browsers before the malware is even fully installed, and this JavaScript attempts to corrupt the user’s system in other ways.
This highly sophisticated phishing campaign against Web3, involving AI and deceptive tactics, is a testament to the expanding threats in this space. Cado Security Labs advises Web3 professionals to be cautious, verify website or app authenticity, and not download software from untrusted sources.
Crypto Scammers Target macOS and Windows Users
Realst is an info stealer for Windows and macOS. It performs credential theft and extracts industrial, financial, and crypto wallet data from compromised devices. The attackers appear to set up companies under names like ‘Meeten’ and ‘Meetio.’ By frequently rebranding and cycling through domains such as ‘Clusee.com’ and ‘Meeten.us,’ they try to fly under the radar.
Attackers use AI to set up malicious websites that mimic legitimate ones, with blog posts, product details, and social media accounts that look just like those of trustworthy owners. This setup makes it increasingly difficult for victims to distinguish genuine sites from harmful ones.
Scammers often contact individuals via direct messages on platforms such as Telegram. They frequently impersonate acquaintances of the victims, using stolen personal details to gain trust.
In one case, a company presented an investment pitch to a victim, having altered the presentation to make its scheme seem credible. Once trust is established, the person is pointed to the meeting app on the official-looking website. The software contains Realst, the info stealer, which harvests sensitive data immediately upon installation.
Fraudulent websites use malicious JavaScript to intercept crypto in web browsers before malware is fully installed. This JavaScript also tries to corrupt the user’s system in other ways.