AI-Powered Crypto Scam Targets Web3 Workers with Fake Meeting Apps
2 Sources
2 Sources
[1]
Crypto-stealing scam targets Web3 workers with fake meeting apps
Web3 workers are being targeted by a campaign that uses fake meeting apps to inject malware and steal credentials to websites, apps and crypto wallets, Cado Security Labs warned. Scammers have been using artificial intelligence to generate and fill out websites and social media accounts to appear as legitimate companies before contacting potential targets to prompt them to download a meeting app, Cado's threat research lead Tara Gould wrote in a Dec. 6 report. The app is called "Meeten" but it's currently going by the name "Meetio" and regularly changes names. In the past, it has used Clusee.com, Cuesee, Meeten.gg, Meeten.us and Meetone.gg. The app contains a Realst info stealer and, once downloaded, will hunt for sensitive items such as a Telegram login, banking card details and information on crypto wallets to send back to the attackers. The stealer can also search for browser cookies and autofill credentials from applications like Google Chrome and Mircosoft Edge, along with info on Ledger, Trezor and Binance Wallets. The scheme can involve social engineering and spoofing. One user reported being contacted on Telegram by someone they knew who wanted to discuss a business opportunity, which was later outed as an impersonator. "Even more interestingly, the scammer sent an investment presentation from the target's company to him, indicating a sophisticated and targeted scam," Gould said. Others had reported "being on calls related to Web3 work, downloading the software and having their cryptocurrency stolen," Gould added. To help gain credibility, the scammers set up a company website with AI-generated blogs, product content and accompanying social media accounts, including X and Medium. "While much of the recent focus has been on the potential of AI to create malware, threat actors are increasingly using AI to generate content for their campaigns," Gould said. "Using AI enables threat actors to quickly create realistic website content that adds legitimacy to their scams and makes it more difficult to detect suspicious websites." The fake websites where users are prompted to download the malware-riddled software also contain Javascript to steal crypto stored in web browsers, even before installing any malware. Related: Crypto phishing scams to rise during holiday shopping season -- Cyvers The scammers created both a macOS and Windows variant. Gould says the scheme has been active for about four months. Other scammers have also been actively using these tactics. In August, onchain sleuth ZackXBT said he found 21 developers, alleged to be North Koreans, working on various crypto projects using fake identities. In September, the FBI issued a warning about North Korean hackers targeting crypto companies and decentralized finance projects with malware disguised as an employment offer. Magazine: BTC hits $100K, Trump taps Paul Atkins for SEC chair, and more: Hodler's Digest, Dec. 1 - 7
[2]
Fake video conferencing app is stealing passwords and spreading malware -- how to stay safe
Scammers are using AI to make their shady websites appear legitimate Cado Security Labs has identified a Realst info-stealer that uses a fake meeting app to steal crypto wallets and inject malware. The scammers are tricking web3 workers into downloading an app, which has been called Meeten, Meetio, Meeten.gg, Meeten.us, Meetone.gg, Cluesee.com and Cuesee -- it changes names frequently. The threat actors use AI to generate and fill out blogs, websites and social media accounts on X and Medium to appear as legitimate companies before contacting targets and prompting them to download the app. Once downloaded, the malware will search out sensitive information, including banking card details, Telegram logins, and information on crypto wallets - specifically Ledger, Trezor, Phantom and Binance wallets, which it sends back to the attackers. It can also search for browser cookies and autofill credentials from Google Chrome, Microsoft Edge and Opera, Brave, Arc, CocCoc and Vivaldi. One user was contacted by someone impersonating an acquaintance who then sent an investment presentation from the target's company to the target; others have reported being on calls related to web3 works and being instructed to download the software. Increasingly, AI is being used to generate content for malware campaigns. According to Cado Security Labs, threat research lead Tara Gould, "Using AI enables threat actors to quickly create realistic website content that adds legitimacy to their scams and makes it more difficult to detect suspicious websites." These fake websites, which prompt victims to download malware instead of legitimate software, also contain JavaScript that can steal crypto wallets stored in web browsers - and that's before it installs malware. According to Paul Scott, Solutions Engineer at Cado Security, "If a user has their wallet unlocked in their browser and visit a malicious website, the JavaScript on the site automatically checks if there are unlocked wallets present and will attempt to transfer crypto coins to a wallet the attacker controls." This campaign has been active for at least four months, has both macOS and Windows variants and appears to be a variant of the Realst infostealer first discovered in 2023 by security researcher iamdeadlyz. The researchers advise users to be careful when being approached about business opportunities -- especially through Telegram. Even if the contact appears to be an existing, known contact, it is essential to verify the account. Always be diligent when opening links. Never open anything from someone you don't know or are not expecting. If you receive a link, contact the sender and ask them if they've sent it and why. If they've sent something in Telegram and usually contact you in Slack, contact them on the platform where you typically discuss business. Make sure you're using one of the best antivirus software and that it's current and up-to-date. Use a secure browser if one is available, too.
Share
Copy Link
A sophisticated scam using AI-generated content and fake meeting apps is targeting Web3 workers to steal crypto wallets and sensitive information. The scheme involves social engineering and malware distribution.
AI-Powered Scam Targets Web3 Workers
A sophisticated crypto-stealing scam campaign is targeting Web3 workers, leveraging artificial intelligence (AI) to create convincing fake meeting apps and websites. Cado Security Labs has uncovered this scheme, which uses social engineering tactics to lure victims into downloading malware-infected applications 1.
The Deceptive "Meeten" App
The primary tool in this scam is a fake meeting app, which has operated under various names including "Meeten," "Meetio," "Clusee.com," and "Meetone.gg." This app contains a Realst info stealer, designed to hunt for sensitive information such as:
- Telegram logins
- Banking card details
- Crypto wallet information (Ledger, Trezor, Phantom, and Binance)
- Browser cookies and autofill credentials from popular browsers 2
AI-Generated Legitimacy
What sets this scam apart is its use of AI to generate convincing content. The threat actors create seemingly legitimate company websites with AI-generated blogs, product content, and accompanying social media accounts on platforms like X and Medium. This AI-powered approach allows scammers to quickly produce realistic website content, adding an air of legitimacy to their operations and making it more challenging to detect suspicious websites 1.
Sophisticated Social Engineering
The scammers employ targeted social engineering tactics. In one instance, a user reported being contacted on Telegram by an impersonator posing as a known contact to discuss a business opportunity. The scammer even sent an investment presentation from the target's own company, demonstrating the sophisticated and targeted nature of the attack 1.
Cross-Platform Threat
The malware campaign has both macOS and Windows variants, indicating a broad reach across different operating systems. The fake websites used to distribute the malware contain JavaScript that can steal crypto stored in web browsers even before the malware is installed 2.
Ongoing Threat and Precautions
This scam has been active for approximately four months, according to Cado Security Labs. To protect against such threats, users are advised to:
- Verify the identity of contacts, especially when approached about business opportunities.
- Be cautious when opening links, even from seemingly known contacts.
- Use up-to-date antivirus software and secure browsers.
- Be wary of unexpected communications, particularly those prompting software downloads 2.
Broader Implications
This scam is part of a growing trend of AI-assisted cyber threats. In August, onchain sleuth ZackXBT identified 21 developers, allegedly North Koreans, working on various crypto projects using fake identities. The FBI has also warned about North Korean hackers targeting crypto companies and DeFi projects with malware disguised as employment offers 1.
As AI continues to evolve, it's likely that we'll see more sophisticated scams leveraging this technology to create convincing fake personas and content, posing significant challenges for cybersecurity professionals and end-users alike.
NASA and IBM Unveil Surya: An AI Model for Predicting Solar Weather
NASA and IBM have developed Surya, an open-source AI model that can predict solar flares and space weather, potentially improving the protection of Earth's critical infrastructure from solar storms.
5 Sources
Technology
7 hrs ago
5 Sources
Technology
7 hrs ago
Meta Launches AI-Powered Voice Translation for Facebook and Instagram Creators
Meta introduces an AI-driven voice translation feature for Facebook and Instagram creators, enabling automatic dubbing of content from English to Spanish and vice versa, with plans for future language expansions.
8 Sources
Technology
1 day ago
8 Sources
Technology
1 day ago
OpenAI's GPT-6: Revolutionizing AI with Memory and Personalization
OpenAI CEO Sam Altman reveals plans for GPT-6, focusing on memory capabilities to create more personalized and adaptive AI interactions. The upcoming model aims to remember user preferences and conversations, potentially transforming the relationship between humans and AI.
2 Sources
Technology
1 day ago
2 Sources
Technology
1 day ago
DeepSeek and Baidu: China's Open-Source AI Revolution Challenges Western Dominance
Chinese AI companies DeepSeek and Baidu are making waves in the global AI landscape with their open-source models, challenging the dominance of Western tech giants and potentially reshaping the AI industry.
2 Sources
Technology
8 hrs ago
2 Sources
Technology
8 hrs ago
The Rise of 'AI Psychosis': Mental Health Concerns Grow as AI Chatbots Proliferate
A comprehensive look at the emerging phenomenon of 'AI psychosis', its impact on mental health, and the growing concerns among experts and tech leaders about the psychological risks associated with AI chatbots.
3 Sources
Technology
8 hrs ago
3 Sources
Technology
8 hrs ago
Your Daily Dose of Curated AI News
Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.
