Cybersecurity researchers have uncovered a new threat targeting Web3 professionals. Hackers use fake video apps (video conferencing apps) to steal sensitive information. This malware, called Realst, poses as legitimate software for business meetings.
The attackers create fake companies to trick professionals. These fake companies appear legitimate by using AI-generated content for websites, emails, and branding. Hackers contact potential victims and invite them to business meetings. They convince their targets to download a fake app from a fraudulent website.
The Meeten Campaign and Its Fake Websites
The security firm Cado Security has named this scam campaign “Meeten.” Hackers use fake website names such as Meeten, Meetone, Cuesee, and Meetio. The websites host fake apps for both Windows and macOS users.
Hackers first approach victims on Telegram. They discuss fake investment opportunities to gain the victim’s trust. Victims are then invited to a video call on the fake app.
Once victims download and install the app, the malware gets activated. This malware can access sensitive data, including cryptocurrency wallets and personal information.
The Danger for macOS Users
On macOS, the app asks for the system password. Hackers claim the app is incompatible without this password. When the user provides the password, the malware gains full access to the system.
Hackers use osascript, which is popular among many macOS malware families. Examples include Atomic macOS Stealer and Banshee Stealer. This technique allows the malware to steal sensitive data.
What the Malware Steals
Realst malware is designed to steal critical information from victims. It can access cryptocurrency wallets, banking information, Telegram credentials, and iCloud Keychain data. The malware also collects cookies from popular browsers like Chrome, Edge, Brave, and Opera. The stolen data is sent to remote servers controlled by hackers.
Windows Users Also At Risk
The Windows version of the fake app uses a signed installer file. Hackers likely use stolen certificates to make the app appear genuine.
When installed, the app downloads a malicious file from hacker-controlled servers. This file is written in Rust and steals user data. The malware then exports this data to the attackers.
AI Is Helping Hackers for Fake Video Apps
Hackers now use AI tools to create realistic websites and emails. AI-generated content makes these scams look legitimate. This increases the chances of victims falling for the fake apps. Cybersecurity researchers warn that AI makes detecting suspicious websites harder.
Also read | DroidBot Android Trojan Targeting Banks and Cryptocurrency Exchanges
Similar Attacks in the Past
This is not the first time hackers have used fake meeting apps for scams. In March, Jamf Threat Labs reported a fake website called meethub[.]gg. This site spreads malware similar to Realst.
In June, another campaign targeted cryptocurrency users with fake virtual meeting apps. This attack used malware like Rhadamanthys and Stealc to steal funds.
New Fake Video Apps Malware
Cybersecurity experts are also seeing new malware families emerge. Some recent examples include Fickle Stealer, Wish Stealer, and Celestial Stealer. Hackers target users searching for pirated software or AI tools.
The RedLine Stealer and Poseidon Stealer are two examples used in such campaigns. These stealers can steal browser data and credentials.
Banshee Stealer Shuts Down
Banshee Stealer, a macOS malware, recently stopped operations after its source code leaked online. The malware was previously sold for $3,000 per month, and the leak forced hackers to shut down their distribution network.
Why Web3 Professionals Are Prime Targets
Hackers focus on Web3 professionals because of their access to cryptocurrency wallets and financial assets. These professionals also use software to automate processes, making them attractive targets.
The RedLine Stealer campaign recently targeted Russian-speaking entrepreneurs. Hackers aimed to steal valuable data from organizations in this sector.
Also read | Cybercriminals Deploy 100K+ Malware Android Apps to Steal OTP Codes
Steps to Protect Yourself from Fake Video Apps
Web3 professionals must remain cautious and avoid suspicious apps. Only download apps from trusted sources. Verify website URLs before downloading software.
Install reliable antivirus software and update your system regularly. Use strong, unique passwords for your accounts. Do not share system passwords with unknown apps or platforms. Stay vigilant when receiving unsolicited emails or messages.
Conclusion: Fake Video Apps
Hackers are evolving their tactics to exploit Web3 professionals. Fake video conferencing apps are their latest strategy. These scams use AI to appear legitimate and trick unsuspecting users.
Web3 professionals must adopt cybersecurity best practices to protect their data. Awareness and caution are key to avoiding these malicious campaigns. Stay informed and secure your digital assets.
