Think Tank Pushes Amazon to Consider Bitcoin as a Corporate Treasury Hedge
December 9, 2024
BitGo Expands Bitcoin Staking Opportunities with Core DAO: A New Frontier for Institutional Yield
December 10, 2024Web3 Workers Targeted by AI-Driven Malware Campaign Stealing Crypto Credentials
Web3 workers are increasingly becoming the target of a sophisticated scam campaign that uses fake meeting apps to inject malware, stealing sensitive credentials for websites, apps, and crypto wallets. According to a report from Cado Security Labs, this threat leverages artificial intelligence (AI) to create highly convincing fake websites and social media profiles, making it difficult for targets to distinguish between legitimate and fraudulent sources.
How the Scam Works: Fake Meeting App and AI-Generated Legitimacy
The scam revolves around a fake meeting app called Meeten, which has been renamed Meetio in its latest iteration. Previously, it has also gone by names such as Clusee.com, Cuesee, Meeten.gg, Meeten.us, and Meetone.gg. Once the victim is persuaded to download the app, it injects malware designed to steal a wide range of sensitive information, including:
- Telegram logins
- Banking card details
- Crypto wallet information, particularly for popular wallets like Ledger, Trezor, and Binance Wallet.
- Browser cookies and autofill credentials from applications such as Google Chrome and Microsoft Edge.
The malware is capable of silently scanning for and sending this sensitive data back to the attackers, making it an especially dangerous threat for those in the Web3 and cryptocurrency space.
The Role of Social Engineering and Impersonation
Cado’s report highlights that the campaign relies heavily on social engineering tactics, including impersonation and spoofing. One victim reported being contacted on Telegram by someone they thought was a business associate. The attacker, posing as this acquaintance, convinced the target to download the malicious software under the guise of discussing a business opportunity.
Interestingly, the scammer even sent the target an investment presentation from the target’s own company, adding a layer of sophistication to the scam and indicating that it was highly targeted.
Other victims have reported downloading the malware during Web3-related calls, only to later discover that their cryptocurrency was stolen.
AI-Generated Content Adds Legitimacy to the Scam
To increase the believability of the scam, the attackers go as far as creating fully functional websites and social media accounts for the fake companies involved. Using AI, the scammers generate blog posts, product descriptions, and other content that mirrors legitimate corporate communications. These fake sites often include AI-generated content that makes them appear legitimate, with links to social media accounts on platforms like X (formerly Twitter) and Medium.
“Using AI enables threat actors to quickly create realistic website content that adds legitimacy to their scams and makes it more difficult to detect suspicious websites,” explained Tara Gould, Cado Security’s threat research lead.
Even before the malware is fully downloaded, the scam websites contain embedded JavaScript designed to steal cryptocurrency stored in users’ web browsers. This proactive method of stealing assets makes the threat particularly insidious, as the victim might not even realize their crypto has been compromised until much later.
Both macOS and Windows versions of the malware exist, broadening the scope of potential victims. The campaign has been active for about four months, according to Cado’s research.
Broader Trend: AI in Scam Campaigns
The use of AI in generating fake content is becoming increasingly common in cybercrime campaigns. While much attention has been focused on AI’s potential to create malware, it’s clear that threat actors are using AI tools to develop entire ecosystems of fake websites, blogs, and social media profiles that lend credibility to their scams.
This trend is not isolated. In August 2024, on-chain investigator ZackXBT uncovered a network of 21 developers, likely North Korean, who were involved in crypto projects using fake identities and AI-generated content to target victims. Furthermore, the FBI issued a warning in September 2024 about North Korean hackers using malware disguised as employment offers to target crypto companies and decentralized finance (DeFi) projects.
How to Protect Yourself from AI-Driven Scams
Given the growing sophistication of these scams, it is essential for Web3 professionals and crypto enthusiasts to remain vigilant. Here are some steps you can take to protect yourself:
- Verify Sources: Always double-check the legitimacy of communication, especially if it involves downloading software or providing sensitive information.
- Beware of AI-Generated Content: Be cautious of websites or social media profiles that seem too polished or official, as AI-generated content is becoming more common.
- Use Strong Security Practices: Enable multi-factor authentication (MFA) and avoid using the same passwords across multiple platforms. Additionally, use hardware wallets to store cryptocurrency instead of relying solely on software wallets.
- Report Suspicious Activity: If you encounter a suspicious website or communication, report it to the relevant authorities or security firms to help mitigate further damage.
A Growing Threat for the Web3 Community
This AI-driven scam campaign is a wake-up call for the Web3 and cryptocurrency communities, highlighting the increasing use of artificial intelligence in cybercrime. With scammers becoming more adept at creating realistic, AI-generated content, it is crucial for individuals and businesses in the crypto space to remain vigilant and adopt robust security measures to protect their assets.
