A new cybersecurity threat dubbed “Meeten” is actively targeting professionals in the Web3 space through a fraudulent video conferencing platform. The campaign, discovered by Cado Security Labs, has been operational since September 2024 and affects both Windows and macOS systems.
The Attack Strategy
Cybercriminals initiate contact through social media, particularly Telegram, impersonating legitimate business contacts and proposing meetings through their fake platform. The scam employs sophisticated social engineering tactics, including AI-generated content and legitimate-looking websites using various brand names such as Clusee, Meetone, and Meetio.
Malware Capabilities
The Realst stealer malware, distributed through these fake platforms, targets:
– Cryptocurrency assets
– Banking information
– Browser data (cookies, credentials)
– Keychain credentials (Mac)
– Wallet information (Ledger, Trezor, Phantom, Binance)
Technical Implementation
macOS Version:
– Distributed as ‘CallCSSetup.pkg’
– Uses osascript for privilege escalation
– Displays fake error messages while stealing data
Windows Version:
– Distributed as ‘MeetenApp.exe’
– Digitally signed with stolen certificates
– Uses a sophisticated delivery mechanism involving an Electron app
– Maintains persistence through registry modifications
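A hunting sketch for the artifacts named above, as an added example that is not from the original article or from Cado Security Labs: it matches the two installer file names and the fake-platform brand names against endpoint telemetry, and notes osascript runs that follow a hit on the same host. The event schema, host names, URLs and the 15-minute window are assumptions made for illustration.

```python
import ntpath
import posixpath
from urllib.parse import urlsplit

INSTALLER_NAMES = {"callcssetup.pkg", "meetenapp.exe"}     # from the article
BRAND_LABELS = {"meeten", "clusee", "meetone", "meetio"}   # from the article
WINDOW_SECONDS = 900  # assumption: osascript this soon after a hit is worth a look

def file_name(path):
    """Lower-cased base name of a Windows or POSIX path."""
    mod = ntpath if "\\" in path else posixpath
    return mod.basename(path).lower()

def brand_host(url):
    """True if a DNS label of the URL host equals a campaign brand name.
    Exact-label matching avoids flagging hosts such as meetings.corp.example."""
    host = (urlsplit(url).hostname or "").lower()
    return any(label in BRAND_LABELS for label in host.split("."))

def hunt(events):
    """Return {host: sorted finding tags} for events in the constructed schema."""
    findings, last_hit = {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        tags = findings.setdefault(ev["host"], set())
        name = file_name(ev.get("path", ""))
        if name in INSTALLER_NAMES:
            tags.add("installer-name")
            last_hit[ev["host"]] = ev["ts"]
        if ev.get("url") and brand_host(ev["url"]):
            tags.add("brand-host")
            last_hit[ev["host"]] = ev["ts"]
        # osascript alone is common on macOS; only tag it when it follows a hit.
        if ev["type"] == "exec" and name == "osascript":
            hit = last_hit.get(ev["host"])
            if hit is not None and ev["ts"] - hit <= WINDOW_SECONDS:
                tags.add("osascript-after-hit")
    return {h: sorted(t) for h, t in findings.items() if t}

# Constructed sample telemetry (not real logs); hosts and URLs are made up.
SAMPLE_EVENTS = [
    {"ts": 100, "host": "mac-01", "type": "download",
     "path": "/Users/a/Downloads/CallCSSetup.pkg", "url": "https://meeten.example/dl"},
    {"ts": 400, "host": "mac-01", "type": "exec", "path": "/usr/bin/osascript"},
    {"ts": 200, "host": "win-07", "type": "download",
     "path": r"C:\Users\b\Downloads\MeetenApp.exe", "url": "https://cdn.example/files"},
    {"ts": 50, "host": "mac-02", "type": "exec", "path": "/usr/bin/osascript"},
    {"ts": 300, "host": "mac-02", "type": "download",
     "path": "/Users/c/Downloads/notes.pdf", "url": "https://meetings.corp.example/n"},
]
```

File names and brand strings are easy for an operator to change, so a match is a lead for triage and the absence of one is not a clean bill of health.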
Protection Measures
Users should:
– Verify software legitimacy before installation
– Scan downloads with antivirus tools
– Be particularly cautious of unsolicited business meeting requests
– Double-check the authenticity of contact sources
The campaign specifically targets Web3 professionals, exploiting their involvement in cryptocurrency-related activities to steal digital assets and sensitive information.