A campaign that uses fake meeting apps to inject malware and steal credentials from websites, apps, and crypto wallets has been identified by Cado Security Labs. This scam targets Web3 workers and employs artificial intelligence (AI) to generate and fill out websites and social media accounts to appear as legitimate companies.
The Scam App: Meeten/Meetio
The scammers use an app called "Meeten" but have also been known to use variations such as "Meetio", Clusee.com, Cuesee, Meeten.gg, Meeten.us, and Meetone.gg. This app contains a malware stealer that hunts for sensitive items like Telegram logins, banking card details, and information on crypto wallets.
How the Scam Works
The scam involves social engineering and spoofing. Scammers use AI to generate content for websites and social media accounts to appear legitimate. They then contact potential targets, usually through social media or messaging apps, to prompt them to download a meeting app. Once downloaded, the app searches for sensitive information and sends it back to the attackers.
The Role of AI in the Scam
Cado’s threat research lead, Tara Gould, notes that while much of the recent focus has been on the potential of AI to create malware, threat actors are increasingly using AI to generate content for their campaigns. This enables them to quickly create realistic website content that adds legitimacy to their scams and makes it more difficult to detect suspicious websites.
The Fake Meeting App
The fake meeting app cycles through names alongside a site filled with AI-generated content to appear more legitimate. To gain credibility, the scammers set up a company website with AI-generated blogs, product content, and accompanying social media accounts, including X and Medium.
Variations of the Scam App
The scammers have created both a macOS and Windows variant of the app. Gould notes that the scheme has been active for about four months, but other scammers have also been using these tactics.
Other Examples of Similar Scams
In August, onchain sleuth ZackXBT found 21 developers working on various crypto projects involving fake identities. In September, the FBI issued a warning about North Korean hackers targeting crypto companies and decentralized finance (DeFi) projects with malware disguised as employment offers.
What You Can Do to Protect Yourself
- Be cautious when downloading meeting apps or software from unknown sources
- Verify the authenticity of company websites and social media accounts before engaging with them
- Use strong passwords and enable two-factor authentication for your online accounts
- Regularly update your operating system and antivirus software
Conclusion
The Web3 scam campaign using fake meeting apps is a sophisticated and targeted attack that uses AI to generate content and appear legitimate. It’s essential to be aware of these tactics and take steps to protect yourself from falling victim to this type of scam.
Additional Tips for Web3 Workers
- Be wary of unsolicited calls or messages requesting you to download software
- Verify the identity of the person contacting you before engaging with them
- Use a password manager to generate and store unique, strong passwords for each account
- Regularly review your online accounts for any suspicious activity
Sources
- Cado Security Labs: "Web3 Workers Targeted by Sophisticated Scam Campaign"
- ZackXBT: "21 Developers Working on Crypto Projects with Fake Identities"
By staying informed and taking the necessary precautions, you can protect yourself from falling victim to this type of scam.
