Cybersecurity researchers have uncovered a sophisticated scam campaign using counterfeit video conferencing apps to spread an information-stealing malware called Realst, targeting individuals in the Web3 sector. The malicious operation is disguised as business meetings and has been dubbed Meeten by Cado Security.
The threat actors use AI-generated content to enhance their authenticity, setting up fake companies and reaching out to targets under the pretense of scheduling a video call. Users are then directed to download a fake meeting application from the company’s website, which installs the Realst infostealer.
The attackers primarily approach potential victims on Telegram, presenting lucrative investment opportunities. They direct the targets to join video calls hosted on malicious platforms, depending on their operating system. The scam prompts users to download an app for Windows or macOS, with the goal of stealing sensitive data, including cryptocurrency wallet details and banking information.
The malware’s primary objective is to steal sensitive data using various techniques, including a Nullsoft Scriptable Installer System (NSIS) file signed with a potentially stolen legitimate certificate. This technique demonstrates the growing sophistication of cybercrime campaigns.
Experts note that this tactic is not new, as similar campaigns have been uncovered in recent months. However, the discovery of the Meeten campaign highlights the importance of vigilance in the face of increasingly advanced cyber threats.
Businesses and individuals are urged to remain cautious, verify the authenticity of applications, and implement robust cybersecurity measures to protect sensitive information from being compromised.
Source: https://www.the420.in/hackers-use-fake-video-conferencing-apps-to-deploy-realst-malware-targeting-web3-professionals