Fake video conferencing apps are targeting Web3 workers to steal their data

Representational image depecting cybersecurity protection

(Image credit: Shutterstock)

Web3 pros has been targeted with fake job offers via Telegram
They are later invited to a video call using an app called Meeten
However the app is a fake, and installs an infostealer that grabs crypto data, and other sensitive information

Researchers are warning of a new “fake job” hacking campaign that targets primarily people working in the Web3 (blockchain) industry.

Experts at Cado Security Labs revealed the campaign started in September 2024, aiming to trick people into downloading infostealing malware to their devices, both for Windows and macOS.

In some examples observed by the researchers, the victims were first contacted on Telegram, from a typosquatted account that impersonated a victim’s contact. They were offered a job opportunity, and even shared an investment presentation from the target’s company, meaning the attack was thoroughly prepared in advance.

Stealing crypto

If the victim takes the bait, they are invited to a video call, using a fake business meeting app called Meeten, but the researchers said the crooks rebranded the app numerous times in the past, using names such as Meetio, Meetone, Clusee, Cuesee, and others.

The app even comes with a professional-looking website, all to boost credibility and get the victim to download it - but it obviously doesn’t work, and displays a fake message that the victim needs to reinstall, or use a VPN.

While that message is displayed, the malware does the work in the background, stealing Telegram credentials, banking card details, Keychain credentials, browser cookies, login credentials stored in the browser, and more.

Since the majority of the victims work in the Web3 industry, it’s safe to assume the attackers, whoever they are, are after people’s cryptocurrency. The malware used in this attack is called Realst.

The fake job attack is nothing new. For years now, North Korean state-sponsored hackers Lazarus used it effectively, against Web3 developers. In fact, in one instance, the fake job attack resulted in one of the biggest heists in crypto history, in which Lazarus made away with roughly $600 million in various tokens.

Via BleepingComputer

Beware — that dream job offer could be malware sent by Iranian hackers
Here's a list of the best antivirus
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.