Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Fake video conferencing apps are targeting Web3 workers to steal their data

Representational image depecting cybersecurity protection.

  • Web3 pros has been targeted with fake job offers via Telegram
  • They are later invited to a video call using an app called Meeten
  • However the app is a fake, and installs an infostealer that grabs crypto data, and other sensitive information

Researchers are warning of a new “fake job” hacking campaign that targets primarily people working in the Web3 (blockchain) industry.

Experts at Cado Security Labs revealed the campaign started in September 2024, aiming to trick people into downloading infostealing malware to their devices, both for Windows and macOS.

In some examples observed by the researchers, the victims were first contacted on Telegram, from a typosquatted account that impersonated a victim’s contact. They were offered a job opportunity, and even shared an investment presentation from the target’s company, meaning the attack was thoroughly prepared in advance.

Stealing crypto

If the victim takes the bait, they are invited to a video call, using a fake business meeting app called Meeten, but the researchers said the crooks rebranded the app numerous times in the past, using names such as Meetio, Meetone, Clusee, Cuesee, and others.

The app even comes with a professional-looking website, all to boost credibility and get the victim to download it - but it obviously doesn’t work, and displays a fake message that the victim needs to reinstall, or use a VPN.

While that message is displayed, the malware does the work in the background, stealing Telegram credentials, banking card details, Keychain credentials, browser cookies, login credentials stored in the browser, and more.

Since the majority of the victims work in the Web3 industry, it’s safe to assume the attackers, whoever they are, are after people’s cryptocurrency. The malware used in this attack is called Realst.

The fake job attack is nothing new. For years now, North Korean state-sponsored hackers Lazarus used it effectively, against Web3 developers. In fact, in one instance, the fake job attack resulted in one of the biggest heists in crypto history, in which Lazarus made away with roughly $600 million in various tokens.

Via BleepingComputer

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.