| Category | Details |
|---|---|
| Threat Actors | Threat actors leveraging AI-generated fake companies for scams; malware delivered through fake video conferencing apps. |
| Campaign Overview | Aimed at Web3 professionals, using fake business meetings and video apps to distribute Realst infostealer. |
| Target Regions (Victims) | Web3 professionals and cryptocurrency users, especially Russian-speaking entrepreneurs. |
| Methodology | - Setup of fake companies and websites. - Use of Telegram to lure targets into fake investment meetings. - Prompts users to download malware-laced conferencing apps. |
| Product Targeted | Web3 platforms, cryptocurrency wallets, Telegram, and business automation tools. |
| Malware Reference | Realst infostealer; overlaps with other stealers like Atomic macOS Stealer, Cuckoo, MacStealer, Banshee Stealer, and Cthulhu Stealer. |
| Tools Used | - AI for creating realistic website content. - osascript technique for macOS. - Electron app embedded in Windows installer. |
| Vulnerabilities Exploited | - Social engineering through Telegram. - Compromised software signatures (e.g., stolen Brys Software Ltd certificate). |
| TTPs | - Phishing via Telegram. - Deployment of OS-specific malware (macOS and Windows). - Use of stolen credentials and AI-driven legitimacy for campaigns. |
| Attribution | Campaign codenamed “Meeten” by Cado Security; overlaps with campaigns like “markopolo” and stealer families like Banshee Stealer and Atomic macOS Stealer. |
| Recommendations | - Avoid downloading apps from unverified sources. - Verify legitimacy of companies and meetings. - Use up-to-date antivirus and monitoring tools to detect unusual activity. |
| Source | TheHackersNews |
Read full article: https://thehackernews.com/2024/12/hackers-using-fake-video-conferencing.html
Disclaimer: The above summary has been generated by an AI language model