| Category | Details |
|---|---|
Threat Actors | Threat actors leveraging AI-generated fake companies for scams; malware delivered through fake video conferencing apps. |
Campaign Overview | Aimed at Web3 professionals, using fake business meetings and video apps to distribute Realst infostealer. |
Target Regions (Victims) | Web3 professionals and cryptocurrency users, especially Russian-speaking entrepreneurs. |
Methodology | – Setting up fake companies and websites. – Using Telegram to lure targets into fake investment meetings. – Prompting targets to download malware-laced video conferencing apps. |
Product Targeted | Web3 platforms, cryptocurrency wallets, Telegram, and business automation tools. |
Malware Reference | Realst infostealer; overlaps with other stealers like Atomic macOS Stealer, Cuckoo, MacStealer, Banshee Stealer, and Cthulhu Stealer. |
Tools Used | – AI for creating realistic website content. – osascript technique for macOS. – Electron app embedded in Windows installer. |
Vulnerabilities Exploited | – Social engineering through Telegram. – Compromised software signatures (e.g., stolen Brys Software Ltd certificate). |
TTPs | – Phishing via Telegram. – Deployment of OS-specific malware (macOS and Windows). – Use of stolen code-signing certificates and AI-generated content to make the fake companies appear legitimate. |
Attribution | Campaign codenamed “Meeten” by Cado Security; overlaps with campaigns like “markopolo” and stealer families like Banshee Stealer and Atomic macOS Stealer. |
Recommendations | – Avoid downloading apps from unverified sources. – Verify legitimacy of companies and meetings. – Use up-to-date antivirus and monitoring tools to detect unusual activity. |
Source | TheHackersNews |
Read full article: https://thehackernews.com/2024/12/hackers-using-fake-video-conferencing.html
Disclaimer: The above summary has been generated by an AI language model