June 19, 2024 at 07:00AM
A threat actor known as markopolo has been identified as being behind a large-scale cross-platform scam that targets digital currency users on social media. The attack uses virtual meeting software named Vortax to deliver malware. The article also highlights cybercriminals’ exploitation of cloud storage services to direct users to phishing landing pages.
Key takeaways from the article:
1. A threat actor known as markopolo has been uncovered as the instigator behind a large-scale cross-platform scam that specifically targets cryptocurrency users on social media with information stealer malware and carries out cryptocurrency theft.
2. The attack chains use virtual meeting software named Vortax, along with 23 other apps, as a conduit to deliver Rhadamanthys, StealC, and Atomic macOS Stealer (AMOS).
3. The Vortax campaign has been linked to prior activity that used trap phishing techniques to target macOS and Windows users via Web3 gaming lures.
4. The threat actor behind the campaign, markopolo, leverages shared hosting and C2 infrastructure for all of the builds, indicating an agile and adaptable approach to launching and pivoting scams.
5. Additionally, the article highlights the exploitation of cloud storage services by SMS scammers to host phishing landing pages, posing a significant challenge for traditional URL scanning and firewall restrictions.
These takeaways provide a comprehensive overview of the reported cyber threats and demonstrate the necessity of heightened vigilance and security measures, particularly for cryptocurrency users and those susceptible to phishing techniques.