
Crypto-scammers target Web3 professionals with fake meeting app impostors


A recent warning from Cado Security Labs highlights a concerning trend in cyber threats targeting Web3 workers. Scammers are using artificial intelligence (AI) to generate fake meeting apps, websites, and social media accounts that appear legitimate, only to inject malware and steal sensitive information.

The "Meeten" App: A Malware Vector

The malicious app being distributed is called "Meeten," although it has also been referred to as "Meetio" in the past. The app’s name changes frequently; previous names include Clusee.com, Cuesee, Meeten.gg, Meeten.us, and Meetone.gg. The downloaded app carries a Realst info stealer that hunts for sensitive information, including:

  • Telegram logins
  • Banking card details
  • Crypto wallet information
  • Browser cookies
  • Autofill credentials from applications like Google Chrome and Microsoft Edge
  • Information on Ledger, Trezor, and Binance Wallets
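Because the app's name rotates, a check of DNS or proxy logs is more useful when it matches the brand label as well as the exact domains listed above. The following is an added example, not code from Cado Security Labs or this article; the log format, client addresses and the `.example` hostnames are constructed assumptions.

```python
# Added example: constructed log lines; names come from the article's list.
PAGE_DOMAINS = {"clusee.com", "meeten.gg", "meeten.us", "meetone.gg"}
# "Meetio" and "Cuesee" are given without a TLD, so they match as labels only.
BRAND_LABELS = {"meeten", "meetio", "meetone", "clusee", "cuesee"}

# Constructed resolver log (assumed format: "<time> <client> <queried name>").
SAMPLE_LOG = """\
2025-01-01T10:01:02Z 10.0.0.5 www.meeten.gg.
2025-01-01T10:01:07Z 10.0.0.5 meetings.example.com.
2025-01-01T10:02:11Z 10.0.0.8 Download.MeetOne.GG
2025-01-01T10:03:40Z 10.0.0.9 cuesee.example.
2025-01-01T10:04:00Z 10.0.0.9 notmeeten.example.org
malformed line
"""


def classify(qname):
    """Return 'listed-domain', 'brand-label' or None for one queried name."""
    labels = qname.strip().rstrip(".").lower().split(".")
    # A listed domain or any subdomain of it.
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in PAGE_DOMAINS:
            return "listed-domain"
    # Same brand on a TLD the article does not list: whole-label match only,
    # so "meetings" or "notmeeten" are not flagged. Treat as a lead to review.
    if BRAND_LABELS.intersection(labels):
        return "brand-label"
    return None


def scan(log_text):
    """Return hits as (time, client, name, verdict); skip malformed lines."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        when, client, qname = fields
        verdict = classify(qname)
        if verdict:
            hits.append((when, client, qname.rstrip(".").lower(), verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A `brand-label` hit is a lead for an analyst to review, not a confirmed indicator, since the article does not list that hostname.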

Social Engineering and Spoofing: The Scammers’ Playbook

The scammers use social engineering tactics to gain the trust of their targets. They may pose as a colleague or business partner and contact the victim through Telegram or other messaging platforms. Once they’ve established a connection, they’ll prompt the victim to download the fake meeting app.

One user reported being contacted by someone claiming to be a colleague who wanted to discuss a business opportunity. However, it was later revealed that the person was an impersonator. The scammer even went so far as to send an investment presentation from the target’s company, indicating a sophisticated and targeted scam.

AI-Generated Content: A New Era in Social Engineering

The scammers are using AI to generate content for their campaigns, making it more difficult to detect suspicious websites. They’ve set up company websites with AI-generated blogs, product content, and accompanying social media accounts on platforms like X (formerly Twitter) and Medium.

While the focus has been on AI’s potential to create malware, threat actors are increasingly using it to generate content that adds legitimacy to their scams. This makes it challenging for security researchers to detect suspicious activity.

The Impact: Crypto Wallets Vulnerable to Malware

The fake meeting app cycles through names alongside a site filled with AI-generated content to appear more legitimate.

The scammers have created both a macOS and Windows variant of the malware. The scheme has been active for about four months, according to Cado’s threat research lead Tara Gould. Others have reported similar experiences, with some users losing their cryptocurrency after downloading the software.

Other Scams and Threats in the Web3 Ecosystem

This is not an isolated incident. In August, on-chain sleuth ZachXBT discovered 21 developers, probably North Koreans, working on various crypto projects under fake identities. The FBI issued a warning in September about North Korean hackers targeting crypto companies and decentralized finance (DeFi) projects with malware disguised as employment offers.

Conclusion

The Web3 community must be vigilant against these sophisticated threats. Scammers are using AI to generate content that adds legitimacy to their scams, making it challenging for security researchers to detect suspicious activity. By staying informed and taking precautions, Web3 workers can protect themselves from falling victim to these malware campaigns.

Recommendations

  • Verify the authenticity of emails and messages: Be cautious when receiving unsolicited communications, especially those related to business opportunities or investments.
  • Use reputable antivirus software: Ensure that your device is protected with up-to-date antivirus software that includes AI-powered threat detection.
  • Monitor your online activity: Regularly check your browser’s extensions, plugins, and permissions to prevent unauthorized access.
  • Keep your devices and software updated: Stay current with the latest security patches and updates for your operating system, browser, and other applications.

By following these guidelines and staying informed about emerging threats, you can reduce the risk of falling victim to these sophisticated scams.