Crypto-stealing malware posing as a meeting app targets Web3 pros

December 6, 2024 at 10:45AM

Cybercriminals have launched a campaign named “Meeten,” targeting Web3 professionals via fake video meetings that install crypto-stealing malware on Windows and Macs. The scheme uses sophisticated social engineering tactics to prompt users to download malicious software, compromising sensitive data, including cryptocurrency wallets and personal banking information.

### Meeting Takeaways on Cybersecurity Threats in Web3

**Overview of Threat:**
– Cybercriminals are targeting Web3 professionals with a campaign known as “Meeten,” using a fraudulent video conferencing platform.
– This campaign has been active since September 2024 and utilizes malware designed to steal cryptocurrency and sensitive information.

**Key Details of the Threat:**
– The malware infects both Windows and macOS systems and is specifically designed to extract:
  – Cryptocurrency assets
  – Banking information
  – Browser-stored data
  – Keychain credentials (for Mac users)

**Nature of the Scam:**
– The malware is distributed via fictitious meeting software that lures users through phishing and social engineering tactics.
– Fake brands such as “Clusee,” “Cuesee,” “Meetone,” and “Meetio” are used, supported by convincingly crafted websites and social media accounts featuring AI-generated content.
– Scammers often impersonate known contacts to initiate communication and propose business opportunities, adding sophistication to the scheme.

**Methods of Deployment:**
– Victims are directed to download the malware disguised as a meeting application from the Meeten site.
– The Mac variant uses a package named ‘CallCSSetup.pkg’ and employs osascript for privilege escalation, while the Windows version is packaged as ‘MeetenApp.exe,’ digitally signed with a stolen certificate.

**Malware Functions:**
– Once installed, the malware:
  – Requests user credentials for system access via deceptive prompts.
  – Collects sensitive information such as:
    – Telegram credentials
    – Banking card details
    – Browser cookies and saved form data
    – Cryptocurrency wallet information (e.g., Ledger, Trezor)

**Data Exfiltration:**
– The malware also gathers machine-specific details; collected data is zipped and sent to a remote server.

**Recommendations for Users:**
– Prioritize verification of any software suggested through social media or unofficial channels.
– Use multi-engine antivirus tools like VirusTotal to scan files before installation.
– Stay vigilant, especially in the Web3 sector, where social engineering tactics are rampant.
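
A triage sketch for the recommendations above, added here as an example and not taken from the article or the researchers: it walks a folder for installers whose names match the file and brand names reported above and returns their SHA-256 hashes for lookup in a multi-engine scanner. The function names and the `.dmg`/`.msi` extensions are assumptions, and the sample files are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Names taken from the article: the two installer file names and the brand names
# the campaign has used. File names are weak indicators (trivially renamed), so a
# hit is a prompt to look closer, and a miss proves nothing.
INSTALLER_NAMES = {"callcssetup.pkg", "meetenapp.exe"}
BRANDS = ("meeten", "clusee", "cuesee", "meetone", "meetio")
# Assumption: .dmg and .msi are included as other common installer containers.
INSTALLER_EXTS = {".pkg", ".exe", ".dmg", ".msi"}


def sha256_of(path, chunk=1 << 20):
    """Hash in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root):
    """Return [(path, reason, sha256)] for installers whose names match the article."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower in INSTALLER_NAMES:
                reason = "installer name reported for this campaign"
            elif Path(lower).suffix in INSTALLER_EXTS and any(b in lower for b in BRANDS):
                reason = "installer carrying a brand name used by this campaign"
            else:
                continue
            full = os.path.join(dirpath, name)
            hits.append((full, reason, sha256_of(full)))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: small files in a temp directory stand in for a Downloads folder.
    with tempfile.TemporaryDirectory() as d:
        for n in ("CallCSSetup.pkg", "Meetio-Setup.exe", "notes-meetio.txt", "zoom.pkg"):
            Path(d, n).write_bytes(b"constructed sample\n")
        for path, reason, digest in triage(d):
            print(f"{digest}  {os.path.basename(path)}  ({reason})")
```

Run `triage()` on a downloads folder and look up each returned hash before opening the file; a match on name alone does not confirm the file is malicious.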

**Conclusion:**
This detailed understanding of the “Meeten” malware campaign highlights the need for awareness and caution among individuals in the Web3 ecosystem. Continuous vigilance against social engineering tactics can help protect valuable cryptocurrency assets and personal information.
