
New research has once again reminded us that it’s not enough to discover a malware campaign, as threat actors continue to advance their tactics and target potential victims even months after their methods are exposed.
Artificial intelligence (AI) cybersecurity platform Darktrace said it has identified numerous cases proving that the Meeten campaign, designed to trick cryptoasset users into installing the infostealer Realst, is still ongoing, despite being discovered by Cado Security Labs in December 2024.
After initially tricking users with fake video meeting software, the campaign has now evolved and is using a more diverse arsenal to deceive people.
For example, Darktrace has found fake startup companies with AI, gaming, video meeting software, Web3, and social media themes, along with compromised X accounts used to spread malware targeting both Windows and macOS. Meanwhile, platforms such as Notion, Medium, and GitHub are being used to provide fake whitepapers, project roadmaps, and employee details.
To make their tools appear more credible and to bypass defenses, the criminals sign the Windows versions of the malware with stolen software signing certificates and employ anti-analysis techniques such as obfuscation and anti-sandboxing.
“One of the fake companies involved in this campaign, ‘Eternal Decay,’ a blockchain-powered game, has created fake images pretending to present at conferences to post on social media, while the actual game doesn’t exist,” Darktrace said, adding that in some cases, even fake merchandise stores were set up.
Among the fake companies, the researchers found names such as Pollens AI, Buzzu, Cloudsign, Swox, KlastAI, and others, all aiming to trick potential victims into downloading malware after initial contact via X messages, Telegram, or Discord.
While Darktrace said it’s unclear whether these campaigns can be attributed to the crypto-focused CrazyEvil group, a prominent so-called traffer group, or any of its sub-teams, the techniques described are similar.
According to the researchers, a “traffer” malware group is an organized cybercriminal operation designed to infect internet users’ devices with information-stealing malware through compromised or deceptive websites, ads, and links.