Crypto Scam Targets Web3 Workers with Fake Meeting Apps

Web3 workers are being targeted by a sophisticated phishing scam that uses fake meeting apps to steal sensitive information and crypto.

According to a report by Cado Security Labs, the attackers employ AI to craft convincing websites, blogs, and social media profiles for fictitious companies.

These platforms are then used to lure victims into downloading malware-infected applications under the guise of legitimate business opportunities.

The malware, known as the Realst info-stealer, operates on macOS and Windows systems and steals credentials, financial details, and crypto wallet information.

Cado Security Labs has discovered a new malware campaign targeting Web3 workers with a sophisticated scam using AI-generated content to appear legitimate.
Read more in our latest blog post: https://t.co/Pj8Y82kaKY

— Cado (@CadoSecurity) December 6, 2024

Web3 Workers at Risk: How Are They Being Targeted?

The attackers behind this campaign have created an elaborate façade of legitimacy by establishing fake companies with names like “Meeten” and “Meetio.”

Crypto Scam Targets Web3 Workers with Fake Meeting Apps: Cado Security
Source: Cado Security

These entities change their branding frequently, cycling through domains such as “Clusee.com” and “Meeten.us.”

The scammers use AI to generate detailed websites filled with blog posts, product descriptions, and social media accounts to appear credible. These platforms mimic the professionalism of real businesses, making it challenging for victims to distinguish between legitimate and malicious actors. Once a target is identified, the attackers initiate contact through various methods, including direct messages on Telegram.

In many cases, they impersonate individuals known to the victim, using stolen personal details to bolster their claims.

For instance, some victims reported receiving messages from what appeared to be colleagues or professional acquaintances, only to discover later that the accounts were fake.

In one notable case, a victim was shown an investment presentation from their own company, which the attackers had stolen and repurposed to lend credibility to the scam.

After securing the victim’s trust, the scammers direct them to a well-designed website where they can download the purported meeting application. Unbeknownst to the victim, the software contains the Realst info-stealer, which immediately begins extracting sensitive information from the user’s device.

Even before the malware is installed, the fraudulent websites deploy malicious JavaScript to siphon crypto stored in web browsers.

How the Malware Steals Data

The Realst info-stealer is a sophisticated piece of malware that operates on both macOS and Windows systems, with versions tailored to each platform.

Once installed, it combs through the victim’s device to extract a wide range of data, including Telegram credentials, browser cookies, banking details, and cryptocurrency wallet information.

The malware targets popular browsers such as Google Chrome, Brave, and Microsoft Edge and wallet services like Ledger, Trezor, and Binance.

The malware disguises itself on macOS as a legitimate package file, often called CallCSSetup.pkg. When executed, it prompts the user for their system password under the pretence of resolving an error. It then uses this access to collect and exfiltrate sensitive data. The stolen information is compressed into a zip file and sent to remote servers controlled by the attackers.

The Windows variant, on the other hand, uses an Electron framework-based application called MeetenApp.exe. This version employs advanced obfuscation techniques, such as Bytenode-compiled JavaScript, to evade detection. Like its macOS counterpart, it collects system information and sensitive data before transmitting it to the attackers.

Both malware versions are technically sophisticated, with features designed to ensure persistence on the victim’s device and evade checks by security tools.
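A defender's triage sketch for the indicators this article names (the domains Clusee.com and Meeten.us, and the installer names CallCSSetup.pkg and MeetenApp.exe), added here as an example and not taken from Cado Security or the original article. The key=value log format, host names and sample lines are constructed for illustration.

```python
import re

# Indicators named in the article only. The operators rotate branding,
# so this list is a starting point, not complete coverage.
DOMAINS = {"clusee.com", "meeten.us"}
FILENAMES = {"callcssetup.pkg", "meetenapp.exe"}

# Constructed sample log (hypothetical key=value format and host names).
SAMPLE = """\
2024-12-06T09:14:02Z host=mbp-17 query=www.Meeten.us.
2024-12-06T09:14:05Z host=mbp-17 path=/Users/dev/Downloads/CallCSSetup.pkg
2024-12-06T09:20:41Z host=win-04 path=C:\\Users\\dev\\Downloads\\MeetenApp.exe
2024-12-06T09:21:00Z host=win-04 query=notmeeten.us
2024-12-06T09:22:10Z host=win-04 query=example.com
"""

def domain_hit(host):
    """Return the indicator domain if host equals it or is a subdomain of it."""
    host = host.strip().rstrip(".").lower()  # drop DNS root dot, ignore case
    for domain in DOMAINS:
        # Require a label boundary so "notmeeten.us" does not match "meeten.us".
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def filename_hit(path):
    """Return the indicator file name if the last path component matches."""
    name = re.split(r"[\\/]", path.strip('"'))[-1].lower()  # Windows or POSIX path
    return name if name in FILENAMES else None

def scan(log_text):
    """Return (host, indicator) pairs for every log line that matches."""
    findings = []
    for line in log_text.splitlines():
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if "query" in fields:
            hit = domain_hit(fields["query"])
        elif "path" in fields:
            hit = filename_hit(fields["path"])
        else:
            hit = None
        if hit:
            findings.append((fields.get("host", "?"), hit))
    return findings

if __name__ == "__main__":
    for host, indicator in scan(SAMPLE):
        print(f"{host}: matched {indicator}")
```

Because the operators cycle through brand names and domains, an empty result only shows that these four names were absent from the logs scanned.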

Notably, a similar technical attack hit the Solana ecosystem earlier this month.

A critical vulnerability was discovered in the Solana/web3.js library that can leak private keys through seemingly legitimate Cloudflare headers.

The post Crypto Scam Targets Web3 Workers with Fake Meeting Apps appeared first on Cryptonews.
