AI helping to engineer attacks against crypto users with fake meeting app


Another example of AI being used to target crypto users with increasingly sophisticated theft schemes has surfaced.

Cybersecurity specialist Cado Security Labs said that it has identified an AI-powered fraud campaign that has been active for four months. Users are being tricked into downloading a fake meeting app bundled with the crypto stealer Realst.

The fraudsters regularly change their names, with examples including Meetio, Meeten, Clusee, and Cuesee. According to a report from Cado, the criminals are using AI to create fake companies and websites, leveraging AI-generated content and social media accounts to appear more legitimate.

Fake website. Image by cadosecurity.com

Victims are approached with a request to set up a video call via the fake app containing a crypto stealer.

"In one reported instance, a user was contacted on Telegram by someone they knew, who wanted to discuss a business opportunity and schedule a call," the investigators said, noting that the Telegram account was also fake and designed to impersonate a contact of the target.

The investigation also revealed that other targeted victims were approached regarding Web3 work and subsequently lost their cryptocurrency after downloading the malicious software. Cado added that crypto assets could be stolen even before the malware is downloaded, as the Meeten websites include JavaScript designed to steal cryptocurrency stored in web browsers.


Meanwhile, the crypto stealer Realst has versions for both macOS and Windows and targets Telegram credentials, banking card details, keychain credentials, browser cookies, and autofill data from Google Chrome, Opera, Brave, Microsoft Edge, Arc, CocCoc, and Vivaldi. It also seeks information on hardware wallets like Ledger and Trezor.

Additionally, another stealer deployed by Meeten, UpdateMC, targets information on Phantom and Binance accounts.

The report further noted that the scammers are using malware built on the Electron framework, which is commonly used for developing cross-platform desktop applications.


"This shift shows how AI can be used as a powerful tool in social engineering. As a result, users need to exercise caution when approached about business opportunities, especially through Telegram," Cado concluded.