Deceptive Video Call Apps Target Web3 Investors in Sophisticated AI-Powered Scam

New Scam Campaign Targets Web3 Professionals Through Fake Video Conferencing Apps

Cybersecurity experts have identified a sophisticated scam campaign using counterfeit video conferencing applications to distribute the Realst information stealer, specifically targeting Web3 professionals. The operation, dubbed “Meeten,” creates convincing fake companies using AI to enhance legitimacy.

The attack methodology involves:
– Initial contact through Telegram discussing investment opportunities
– Directing targets to fraudulent meeting platforms (Clusee, Cuesee, Meeten, Meetone, Meetio)
– Prompting downloads for Windows or macOS versions

On macOS systems, the malware:
– Claims compatibility issues requiring system password entry
– Uses the osascript technique common among various macOS stealer families
– Targets sensitive data including cryptocurrency wallets, Telegram credentials, banking information, and browser data
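
A defender-side check for the osascript password prompt described above, added here as an example that is not from the original article: it scans process-execution telemetry for osascript invocations that show a dialog with a hidden answer field. The JSON field names (`path`, `argv`, `parent`), the sample events and the scoring are constructed assumptions.

```python
import json
import os
import re

# Constructed exec telemetry (JSON lines). Field names are assumptions for this
# example; map them to whatever your endpoint sensor actually emits.
SAMPLE_EVENTS = """\
{"pid": 501, "path": "/usr/bin/osascript", "argv": ["osascript", "-e", "display dialog \\"The app could not start. Enter your password to continue.\\" default answer \\"\\" with hidden answer"], "parent": "/Volumes/Installer/Example.app/Contents/MacOS/Example"}
{"pid": 502, "path": "/usr/bin/osascript", "argv": ["osascript", "-e", "display notification \\"Backup finished\\""], "parent": "/bin/zsh"}
{"pid": 503, "path": "/usr/bin/osascript", "argv": ["osascript", "-e", "display dialog \\"Name?\\" default answer \\"\\""], "parent": "/bin/zsh"}
{"pid": 504, "path": "/bin/ls", "argv": ["ls", "-la"], "parent": "/bin/zsh"}
"""

DIALOG = re.compile(r"display\s+dialog", re.I)
HIDDEN = re.compile(r"hidden\s+answer", re.I)
LURE = re.compile(r"password|passcode", re.I)
# Parent paths treated as higher risk (illustrative list, tune per environment).
RISKY_PARENT_PREFIXES = ("/Volumes/", "/Users/", "/private/tmp/", "/tmp/")


def score_event(event):
    """Return (score, reasons); score 0 means the event is not a hidden-input prompt."""
    if os.path.basename(event.get("path", "")) != "osascript":
        return 0, []
    script = " ".join(event.get("argv", [])[1:])  # join repeated -e fragments
    if not (DIALOG.search(script) and HIDDEN.search(script)):
        return 0, []  # plain dialogs and notifications are not flagged
    reasons = ["dialog with hidden answer field"]
    if LURE.search(script):
        reasons.append("prompt text asks for a password")
    if event.get("parent", "").startswith(RISKY_PARENT_PREFIXES):
        reasons.append("parent runs from a mounted or user-writable path")
    return len(reasons), reasons


def find_password_prompts(jsonl, min_score=1):
    """Parse JSON-lines telemetry and return flagged events, highest score first."""
    hits = []
    for line in filter(str.strip, jsonl.splitlines()):  # skip blank lines
        event = json.loads(line)
        score, reasons = score_event(event)
        if score >= min_score:
            hits.append({"pid": event["pid"], "score": score, "reasons": reasons})
    return sorted(hits, key=lambda h: h["score"], reverse=True)


if __name__ == "__main__":
    print(json.dumps(find_password_prompts(SAMPLE_EVENTS), indent=2))
```

Inline script text is only visible when the script is passed with `-e`; an osascript run against a script file needs the file contents inspected separately.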

The Windows version features:
– Signed NSIS file using stolen Brys Software Ltd. credentials
– Electron application that downloads a Rust-based stealer executable

The malware can extract data from multiple browsers including Chrome, Edge, Opera, Brave, Arc, and Vivaldi. This campaign follows similar attacks like meethub[.]gg and markopolo, which targeted cryptocurrency users with various stealer malware.

The trend coincides with the emergence of new stealer families (Fickle, Wish, Hexon, Celestial) and increased targeting of users seeking pirated software and AI tools through RedLine and Poseidon Stealers.
