PANews reported on December 9 that according to Cointelegraph, Cado Security Labs warned that a cyber fraud campaign targeting Web3 workers is spreading. Scammers use fake conference applications to inject malware and steal login credentials for websites, applications, and crypto wallets. Scammers use artificial intelligence to generate and fill websites and social media accounts, disguised as legitimate companies, and then contact potential targets to trick them into downloading a fake conference application called "Meeten" (the application is currently named "Meetio" and has frequently changed its name. In the past, it has also used names such as Clusee.com, Cuesee, Meeten.gg, Meeten.us and Meetone.gg). Once the user downloads and installs the application, the built-in Realst information stealer will begin searching for sensitive information, such as Telegram login information, bank card details, and crypto wallet information, and send this information back to the scammers. In addition, the stealer can search for browser cookies and auto-fill credentials for browsers such as Google Chrome and Microsoft Edge, as well as information from wallets such as Ledger, Trezor, and Binance.
To add credibility, scammers also set up company websites with AI-generated blogs, product content, and social media accounts. These fake websites not only trick users into downloading malware, but also use JavaScript to steal cryptocurrency stored in web browsers even before the malware is installed. Some users reported downloading the software while participating in calls related to Web3 work, which resulted in cryptocurrency theft. The scam has been active for about four months, and scammers have also created malware variants for macOS and Windows systems.
