A new malware is targeting cryptocurrency wallets and other sensitive information of web3 professionals by disguising itself as a fake meeting application.
According to the cybersecurity company Cado Security Labs, the malware, called Realst, has been active for about four months, targeting cryptocurrency wallets, browser credentials, bank card data and hardware wallet information disguised as an application. of false meeting.
The stealthy malware, which can infiltrate Windows and Mac operating systems, is distributed via AI-generated websites designed to look like a genuine platform, complete with manufactured product reviews, blog posts, and social media accounts to strengthen their credibility.
The researchers warned that scammers are “increasingly using AI to generate content for their campaigns”, which allows them to easily create “realistic website content”, making it difficult to spot scams.
The application is known to change names and has been identified under aliases such as Clusee(.)com, Cuesee, Meeten(.)gg, Meeten(.)us, Meetone(.)gg, with its current name, Meetio.
Social engineering plays a key role in this campaign as scammers approach victims via social networking platforms such as Telegram, often impersonating trusted contacts or using fabricated business opportunities to lure victims to their websites.
As an added threat, the report warned that the websites in question also run malicious Java scripts in the background that “steal cryptocurrency that is stored in web browsers, even before installing any malware.”
Similar tactics have been used to target crypto holders on several occasions. Last month, a whale investor lost more than $6 million in crypto after scammers social engineered him to click a malicious link that mimicked video conferencing platform Zoom.
The $50m hack of decentralized financial protocol Radiant Capital was also the result of a social engineering scheme where bad actors unfolded malware disguised as a PDF file.
Coinbase experts doubled social engineering scams as the “number one threat to crypto enthusiasts” in an exclusive interview.
Scammers have managed to drain it billion value of funds from the crypto sector over the years. In November alone, there were losses from crypto phishing scams more than $9 million.