Crypto Malware Targets Web3 Pros via Fake Meeting Apps
Hackers are targeting Web3 professionals with malware disguised as video conferencing apps, in an effort to steal cryptocurrency and sensitive data. The campaign, active since September 2024, primarily affects users on Windows and macOS.
The attack revolves around a fraudulent meeting platform called "Meeten," discovered by Cado Security Labs. The malware, named Realst, pilfers cryptocurrency assets, browser credentials, and banking details. Meeten's branding shifts frequently, with prior iterations named "Clusee," "Cuesee," and "Meetone." These counterfeit platforms use realistic websites and social media accounts filled with AI-generated material to appear credible.
On macOS, victims receive a file named “CallCSSetup.pkg.” When run, the malware prompts users for their system password, gaining elevated privileges. It then extracts data, including browser cookies, autofill credentials, Telegram credentials, and wallet information from apps like Ledger and Trezor. Exfiltrated data, along with system details, is sent to a remote server. The malware deceives users with a message claiming, "Cannot connect to the server. Please reinstall or use a VPN," while it steals data in the background.
The Windows version, distributed as “MeetenApp.exe,” carries a stolen digital certificate, making detection more challenging. It also modifies the registry to ensure persistence after reboots.
Cado Security Labs also warns that Meeten websites contain JavaScript designed to drain connected cryptocurrency wallets directly.
The campaign highlights the risks of downloading unverified software, especially in Web3 spaces where social engineering is prevalent. Web3 professionals should remain vigilant, avoid software recommended through unverified channels, and scan downloads using trusted antivirus platforms, such as VirusTotal.
According to data published by the FBI, social engineering is the basis of 98% of all cyber crimes. Readers are advised to learn how social engineering attacks work and the best methods of protecting against them.