Recent cybersecurity reports reveal that workers within the Web3 space are becoming increasingly vulnerable to sophisticated scams employing fake meeting applications. Cado Security Labs has highlighted a concerning trend where scammers utilize artificial intelligence to fabricate authentic-looking websites and social media profiles, thereby luring potential victims into downloading malicious software.
The application in question, initially branded as “Meeten,” has undergone several name changes, currently operating as “Meetio.” This deceptive tool has also appeared under various aliases including Clusee.com and Meeten.gg. Upon installation, the application embeds sophisticated info-stealing malware designed to extract sensitive data such as login credentials for Telegram, banking details, and information related to cryptocurrency wallets.
According to expert analysis, this malware is capable of scrutinizing browser cookies and autofill data from popular web browsers like Google Chrome and Microsoft Edge. It specifically targets information related to crypto wallets from Ledger, Trezor, and Binance, effectively allowing attackers to siphon funds from unsuspecting users.
The scam often relies on social engineering tactics, with perpetrators impersonating known contacts to initiate discussions about supposed business opportunities. In one reported case, a scammer sent an investment presentation purportedly from a legitimate company, showcasing the deceptive sophistication behind these attacks. Victims have recounted experiences of joining calls related to Web3 projects, only to subsequently have their cryptocurrency stolen after downloading the malicious software.
To enhance their credibility, scammers routinely establish fake company websites featuring AI-generated blogs and social media content. This clever use of artificial intelligence not only streamlines the content creation process but also effectively disguises scams, making it far more challenging to identify fraudulent sites. Notably, the fraudulent websites are often equipped with JavaScript designed to extract cryptocurrency stored in browser wallets, compounding the risk for users.
The scheme has reportedly been operational for several months, coinciding with a broader warning issued by the FBI regarding targeted attacks from North Korean hackers in the cryptocurrency sector. As the threat landscape continues to evolve, vigilance and skepticism remain crucial in the fight against such malicious endeavors.