Industry News

Web3 Talent on High Alert as Sophisticated Malware Targets Crypto Wallets on Windows and macOS 

By: Brian D

Tuesday, December 10, 2024

4 min read

crypto scammer looking at computer

Photo by: Mikhail Nilov on Pexels

  • Web3 job-hunting becomes risky as scammers impersonate employers. 

  • The scammers leverage a fake meeting app to inject malware and steal cryptos. 

  • The dubious app is sophisticated enough to steal cryptocurrencies on Windows and macOS even before it’s installed. 

Cado Security Labs recently alerted the Web3 industry to a sophisticated scam targeting job seekers with fake meeting apps that inject malware on devices and drain crypto wallets on Windows and macOS. 

The alert came barely three months after the U.S. Federal Bureau of Investigation’s (FBI) first-ever digital asset fraud report flagged a $5.6 billion crypto scam scourge that took a toll on the industry last year, underscoring the heavy price Web3 users pay after falling victim to scams. The multibillion-dollar losses were captured in over 69,000 complaints, accounting for nearly half of the total fraud losses reported by Americans in 2023. 

Fast-forward to 2024 and scamming is still rampant, with malicious actors leveraging new technologies like AI to target unsuspecting victims in highly coordinated attacks. 

How Crypto Scammers Target Web3 Workers 

In a recent report, Cado’s threat research lead Tara Gould said the latest Web3 security threat involves a crypto stealer, Realst, disguised as a fake meeting application known as “Meeten.” The dubious app, which has been renamed several times, is currently called “Meetio” and comes in both macOS and Windows variants designed to gather sensitive information, store the stolen data, and exfiltrate it as a zip file. 

“In order to appear as a legitimate company, the threat actors created a website with AI-generated content, along with social media accounts on Twitter and Medium. The company reaches out to targets to set up a video call, prompting the user to download the meeting application from the website, which is Realst info stealer,” Gould noted. 

According to the report, the malware application contains JavaScript to steal digital assets stored on web browser extension wallets even before the user installs it, highlighting the danger it poses to both newbies and experienced Web3 users. 

Once downloaded onto a computer, the macOS variant of the Realst stealer uses osascript, the macOS command-line tool for running AppleScript and JavaScript, to prompt the user for their password before it begins to wreak havoc. The malware hunts for and exfiltrates Telegram credentials, banking card details, keychain credentials, Ledger wallets, Trezor wallets, as well as browser cookies and autofill credentials from Microsoft Edge, Google Chrome, Brave, Opera, CocCoc, Vivaldi, and Arc. 
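The macOS behaviour described above (a meeting app spawning osascript to ask for the user's password, then staging stolen data in a zip) can be expressed as a defensive detection over process-execution telemetry. This is an added example, not Cado's or the report's code; the event tuple format, the sample events, the Meetio bundle path, and the Apple-path allowlist are all assumptions.

```python
"""Added detection example (not from the Cado report): flag a non-Apple
application that spawns osascript to display a password dialog, and note
whether the same parent then launched an archive tool to stage a zip."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

Event = Tuple[int, int, int, str, str]  # (ts_seconds, pid, ppid, parent_path, cmdline)

# AppleScript's password-entry idiom is `display dialog ... with hidden answer`.
PASSWORD_PROMPT = re.compile(r"display dialog.*with hidden answer", re.S)
OSASCRIPT = re.compile(r"(?:^|/)osascript\b")
# zip(1), `ditto -c -k` (zip output) and `tar -c` are the usual staging tools.
ARCHIVE_CMD = re.compile(r"(?:^|/)(?:zip|ditto -c -k|tar -c)\b")
# Assumed allowlist: parents under these prefixes are Apple-shipped binaries.
APPLE_PARENT_PREFIXES = ("/System/", "/usr/", "/Applications/Utilities/")
WINDOW_S = 300  # prompt-to-archive correlation window, in seconds

@dataclass
class Alert:
    ppid: int
    parent_path: str
    prompt_ts: int
    archive_ts: Optional[int]  # None when only the password prompt was seen

def find_credential_prompt_chains(events: List[Event]) -> List[Alert]:
    """One Alert per osascript password prompt spawned by a non-Apple parent;
    archive_ts is set when that parent ran an archive tool within WINDOW_S."""
    alerts = []
    for ts, _pid, ppid, parent, cmd in events:
        if not (OSASCRIPT.search(cmd) and PASSWORD_PROMPT.search(cmd)):
            continue
        if parent.startswith(APPLE_PARENT_PREFIXES):
            continue
        archive_ts = next((t2 for t2, _, pp2, _, c2 in events
                           if pp2 == ppid and ts <= t2 <= ts + WINDOW_S
                           and ARCHIVE_CMD.search(c2)), None)
        alerts.append(Alert(ppid, parent, ts, archive_ts))
    return alerts

# Constructed sample telemetry: the suspicious chain plus one benign Finder event.
SAMPLE_EVENTS: List[Event] = [
    (100, 501, 400, "/Applications/Meetio.app/Contents/MacOS/Meetio",
     "/usr/bin/osascript -e 'display dialog \"Enter your password\" "
     "default answer \"\" with hidden answer'"),
    (104, 502, 400, "/Applications/Meetio.app/Contents/MacOS/Meetio",
     "/usr/bin/zip -r /tmp/staged.zip '/Users/victim/Library/Application Support/Telegram'"),
    (200, 601, 300, "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder",
     "/usr/bin/osascript -e 'display notification \"Backup finished\"'"),
]

if __name__ == "__main__":
    for alert in find_credential_prompt_chains(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample the Meetio parent produces one alert with the archive step correlated four seconds after the prompt, while the Finder notification is ignored both because it has an Apple parent and because it shows no hidden-answer dialog.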

Gould explained that the Windows version of the malware, UpdateMC.exe, is a Rust-based binary with similar functionality to the macOS variant, used to steal and exfiltrate the same details. However, this variant appears to be more sophisticated than the macOS version, as it can also access Binance Wallets and Phantom Wallets, which have millions of registered users. 

Per the report, various users confirmed that they lost their cryptocurrencies after being targeted with the malware via “work-related” calls and text messages on social media platforms like Telegram. 

“In one reported instance, a user was contacted on Telegram by someone they knew who wanted to discuss a business opportunity and to schedule a call. However, the Telegram account was created to impersonate a contact of the target. Even more interestingly, the scammer sent an investment presentation from the target’s company to him, indicating a sophisticated and targeted scam,” Gould said. 

Cado’s report underscored how cybersecurity threats continue to plague Web3 despite the industry’s efforts to bolster security and user experience as crypto snowballs to the mainstream arena. Besides hindering adoption, malicious actors have siphoned billions from the industry, undermining innovation and destroying projects that took years to build. 

The Financial Impact of Web3 Scams 

In November, crypto security platform Scam Sniffer reported that 9,208 victims lost $9.38 million to phishing, in which sophisticated social engineering scammers target crypto wallet users to steal their private keys. These keys, strings of letters and numbers, serve as the passwords required to access digital assets.

While the losses were significantly down from the $20.2 million stolen by crypto scammers in September, the report noted that the victim count remained high on the Ethereum and Arbitrum networks. 

Many of these scams are carried out by individuals or groups of rogue developers, including the infamous Lazarus Group. This North Korean hacking consortium has stolen over $3 billion in cryptocurrency since 2017. The group is also known for targeting Web3 job seekers with fraudulent employment offers and business opportunities, similar to the scammers identified in Cado’s report.
