Fake Meeting App Unleashes Crypto-Stealing Malware on Web3 Professionals

Crypto Thieves Deploy Sophisticated “Meeten” Scam Targeting Web3 Professionals

A new cybersecurity threat dubbed “Meeten” is actively targeting professionals in the Web3 space through a fraudulent video conferencing platform. The campaign, discovered by Cado Security Labs, has been operational since September 2024 and affects both Windows and macOS systems.

The Attack Strategy
Cybercriminals initiate contact through social media, particularly Telegram, impersonating legitimate business contacts and proposing meetings through their fake platform. The scam employs sophisticated social engineering tactics, including AI-generated content and legitimate-looking websites using various brand names such as Clusee, Meetone, and Meetio.

Malware Capabilities
The Realst stealer malware, distributed through these fake platforms, targets:
– Cryptocurrency assets
– Banking information
– Browser data (cookies, credentials)
– Keychain credentials (Mac)
– Wallet information (Ledger, Trezor, Phantom, Binance)

Technical Implementation
macOS Version:
– Distributed as ‘CallCSSetup.pkg’
– Uses osascript for privilege escalation
– Displays fake error messages while stealing data

Windows Version:
– Distributed as ‘MeetenApp.exe’
– Digitally signed with stolen certificates
– Uses a sophisticated delivery mechanism with an Electron app
– Maintains persistence through registry modifications
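
For defenders, the traits listed above can be turned into a simple triage rule over endpoint telemetry. The sketch below is an added example, not code from Cado Security Labs or from the campaign. The event field names, the macOS parent process names and the use of autorun (Run) keys are assumptions, and the sample events are constructed.

```python
import re

# From the article: installer filenames and the lure brand names.
INSTALLERS = {"callcssetup.pkg", "meetenapp.exe"}
BRANDS = ("meeten", "clusee", "meetone", "meetio")
# Assumptions, not from the article: the macOS parent processes treated as an
# installer context, and autorun (Run) keys as the registry location to watch.
INSTALLER_PARENTS = {"installer", "package_script_service"}
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\", re.I)

def base(path):
    """Lower-cased last component of a POSIX or Windows path."""
    return re.split(r"[\\/]", path or "")[-1].lower()

def triage(ev):
    """Return the reasons one endpoint event matches the article's description."""
    reasons = []
    kind, image = ev.get("type"), base(ev.get("image"))
    if kind in ("file_create", "process_start"):
        name = base(ev.get("path") or ev.get("image"))
        if name in INSTALLERS:
            reasons.append("reported installer name: " + name)
    if kind == "process_start" and image == "osascript":
        if base(ev.get("parent")) in INSTALLER_PARENTS:
            reasons.append("osascript started from an installer context")
    if kind == "registry_set" and RUN_KEY.search(ev.get("key", "")):
        if any(b in ev.get("value", "").lower() for b in BRANDS):
            reasons.append("autorun value points at a lure-branded binary")
    return reasons

# Constructed sample telemetry (field names are hypothetical, not a real EDR schema).
SAMPLE_EVENTS = [
    {"type": "file_create", "path": "/Users/a/Downloads/CallCSSetup.pkg"},
    {"type": "process_start", "image": "/usr/bin/osascript", "parent": "/usr/sbin/installer"},
    {"type": "process_start", "image": "/usr/bin/osascript", "parent": "/bin/zsh"},
    {"type": "process_start", "image": r"C:\Users\a\Downloads\MeetenApp.exe", "parent": "explorer.exe"},
    {"type": "registry_set", "image": r"C:\Users\a\AppData\Local\x\app.exe",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "value": r"C:\Users\a\AppData\Local\Meeten\app.exe"},
    {"type": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
     "value": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe"},
]

def scan(events):
    """Map event index -> reasons, for events with at least one hit."""
    return {i: r for i, ev in enumerate(events) if (r := triage(ev))}

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

Filename and brand matches are easy for an attacker to change, so hits are triage leads rather than verdicts; the osascript-from-installer rule is the one least tied to a specific name.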

Protection Measures
Users should:
– Verify software legitimacy before installation
– Scan downloads with antivirus tools
– Be particularly cautious of unsolicited business meeting requests
– Double-check the authenticity of contact sources

The campaign specifically targets Web3 professionals, exploiting their involvement in cryptocurrency-related activities to steal digital assets and sensitive information.
