Hackers are using fake video conferencing apps to target Web3 professionals in a sophisticated scam campaign. The malicious apps, disguised as business meeting tools, deploy an information-stealing malware called Realst to compromise sensitive data.
According to cybersecurity researchers, the attackers create fake companies using AI-generated content to appear legitimate. The attackers reach out to victims on platforms like Telegram, proposing investment opportunities and inviting them to a video meeting. Victims are then directed to download the malicious app from fraudulent websites with names such as Clusee, Meeten, or Meetio.
Once installed, the app targets both Windows and macOS users. On macOS, the app displays a compatibility error and prompts the user to enter their system password, leveraging techniques seen in other malware families like Atomic macOS Stealer and MacStealer. On Windows, it uses a signed NSIS file embedded with a Rust-based malware executable retrieved from an attacker-controlled domain.
The ultimate goal is to steal sensitive data, including cryptocurrency wallet details, browser cookies, Telegram credentials, banking information, and iCloud Keychain data. The malware is capable of exploiting popular browsers like Chrome, Edge, Opera, Brave, and Vivaldi to extract stored credentials.
Cybercriminals increasingly use AI to craft realistic content for fraudulent websites, making their scams harder to detect. This tactic is not new: it was observed in past campaigns, including a March attack using the fake “meethub[.]gg” website and another in June that employed bogus meeting software to steal from cryptocurrency users.
The emergence of new stealer malware families like Fickle Stealer and Wish Stealer highlights the growing threat. These malicious tools target users searching for pirated software or AI tools, adding to the rising complexity of cyberattacks.
To avoid falling victim to these scams, ensure you verify the authenticity of any software before downloading it. Always rely on official platforms or trusted sources, and avoid downloading apps from unknown links.
Employ strong, updated antivirus software and enable two-factor authentication (2FA) for added security. Regularly update your devices to address vulnerabilities and stay vigilant against unsolicited communication on platforms like Telegram.
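For teams that keep DNS or proxy logs, the lure names mentioned above can be used as a triage lead. The following is an added example, not code from the researchers or the original article: the log format (`timestamp client hostname`), the sample hostnames on reserved `.example`/`.test` TLDs, and the function names are constructed for illustration; only the names Clusee, Meeten, Meetio and meethub[.]gg come from the article.

```python
# Lure brand names and the one domain quoted in the article above.
LURE_NAMES = {"clusee", "meeten", "meetio"}
KNOWN_DOMAINS = {"meethub.gg"}

def refang(host):
    """Normalise a hostname: lowercase, undo [.] defanging, drop trailing dot."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def classify(host):
    """Return a reason string if host matches the campaign naming, else None."""
    host = refang(host)
    for domain in KNOWN_DOMAINS:
        # Exact domain or a true subdomain only; 'notmeethub.gg' must not match.
        if host == domain or host.endswith("." + domain):
            return "known-domain:" + domain
    for label in host.split("."):
        # Compare whole hyphen-separated tokens so 'meetenough' is not a hit.
        for token in label.split("-"):
            if token in LURE_NAMES:
                return "lure-name:" + token
    return None

def scan(lines):
    """Parse 'timestamp client hostname' lines; return (client, host, reason) hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        _, client, host = parts
        reason = classify(host)
        if reason:
            hits.append((client, refang(host), reason))
    return hits

# Constructed sample log (hypothetical format and hosts, not real indicators).
SAMPLE_LOG = [
    "2024-01-01T10:01:02Z 10.0.0.5 www.meeten.example",
    "2024-01-01T10:01:09Z 10.0.0.5 download.meetio-app.test",
    "2024-01-01T10:02:44Z 10.0.0.8 meetenough.example",
    "2024-01-01T10:03:10Z 10.0.0.9 cdn.meethub[.]gg",
    "2024-01-01T10:04:00Z 10.0.0.9 notmeethub.gg",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit is a reason to look at what the client downloaded next, not proof of compromise; the campaign has already rotated through several names, so an empty result does not rule it out.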