Introduction
Web3 workers are facing a growing cybersecurity threat in which scammers use fake meeting apps laced with malware to steal sensitive information. According to Cado Security Labs, these campaigns use artificial intelligence to create convincing fake company websites and social media profiles, making them better at deceiving victims.
Fake Meeting Apps Masquerading as Legitimate Tools
Fraudulent apps like “Meeten” and “Meetio” pose as legitimate business tools. Once installed, the apps deploy the Realst info-stealing malware to siphon sensitive data such as:
- Telegram logins
- Cryptocurrency wallet information, such as Ledger, Trezor, and Binance Wallets
- Browser cookies and autofill credentials in Google Chrome and Microsoft Edge
The apps are renamed and their domains changed frequently to evade detection, with names including “Clusee.com,” “Cuesee,” “Meeten.gg,” and “Meetone.gg.”
Advanced Social Engineering
The scam relies on social engineering. Victims often receive pitches from impersonators masquerading as business contacts over platforms like Telegram.
In another case, a victim received an investment presentation with their company’s logo on it, a sign of how tailored and sophisticated these scams can be. Others reported downloading the fake app during calls related to Web3 and subsequently losing cryptocurrency.
AI-Enhanced Content Creation
Cado Security Labs’ threat research lead, Tara Gould, pointed out that threat actors are increasingly using AI. Scammers fill their websites with real blogs, product pages, and social media content created by AI. This not only lends credibility to their schemes but also makes fraudulent sites harder to spot.
“Using AI enables threat actors to quickly create realistic website content that adds legitimacy to their scams,” Gould noted.
Multi-Platform Threat
The malware is highly versatile because it operates across macOS and Windows systems. Additionally, the fake websites that host the malware can siphon cryptocurrency directly from users’ browsers, even before the malware is installed.
Broader Implications
This scam shares similarities with tactics linked to North Korean hackers. In August, ZachXBT uncovered 21 developers tied to crypto fraud schemes using fake identities. In September, the FBI warned of malware disguised as job offers targeting crypto firms and decentralized finance projects.
Protecting Against Scams
To mitigate risks, Web3 workers should:
- Verify meeting apps and company websites before downloading software
- Enable two-factor authentication for critical accounts
- Not click on unsolicited links or download unknown apps
Being alert will help protect sensitive information and cryptocurrency assets.