Fake video conferencing apps are targeting Web3 workers to steal their data

Web3 pros has been targeted with fake job offers via Telegram
They are later invited to a video call using an app called Meeten
However the app is a fake, and installs an infostealer that grabs crypto data, and other sensitive information

Researchers are warning of a new “fake job” hacking campaign that targets primarily people working in the Web3 (blockchain) industry.

Experts at Cado Security Labs revealed the campaign started in September 2024, aiming to trick people into downloading infostealing malware to their devices, both for Windows and macOS.

In some examples observed by the researchers, the victims were first contacted on Telegram, from a typosquatted account that impersonated a victim’s contact. They were offered a job opportunity, and even shared an investment presentation from the target’s company, meaning the attack was thoroughly prepared in advance.

Stealing crypto

If the victim takes the bait, they are invited to a video call, using a fake business meeting app called Meeten, but the researchers said the crooks rebranded the app numerous times in the past, using names such as Meetio, Meetone, Clusee, Cuesee, and others.

The app even comes with a professional-looking website, all to boost credibility and get the victim to download it – but it obviously doesn’t work, and displays a fake message that the victim needs to reinstall, or use a VPN.

While that message is displayed, the malware does the work in the background, stealing Telegram credentials, banking card details, Keychain credentials, browser cookies, login credentials stored in the browser, and more.

Since the majority of the victims work in the Web3 industry, it’s safe to assume the attackers, whoever they are, are after people’s cryptocurrency. The malware used in this attack is called Realst.

The fake job attack is nothing new. For years now, North Korean state-sponsored hackers Lazarus used it effectively, against Web3 developers. In fact, in one instance, the fake job attack resulted in one of the biggest heists in crypto history, in which Lazarus made away with roughly $600 million in various tokens.

Via BleepingComputer

Source link