New Fake Job Hacking Campaign Targets Web3 Professionals with Infostealing Malware
A sophisticated new hacking campaign is preying on individuals in the Web3 and blockchain industries, with researchers warning about its growing reach and deceptive strategies.
The attack relies on enticing victims into downloading malware through a seemingly innocent job opportunity.
Clever Deception with Typosquatted Telegram Accounts
According to experts at Cado Security Labs, the campaign began in September 2024.
Victims are typically contacted on Telegram via a typosquatted account – a deceptive variation of a familiar contact's username.
This impersonation is highly targeted, with attackers taking time to study their victims before striking.
The initial outreach involves offering a promising job opportunity, along with an investment presentation connected to the target's company.
The level of preparation is evident.
Researchers say that the attackers meticulously set the stage, mirroring familiar communications and creating a false sense of trust.
This calculated approach makes victims more likely to believe the offer is legitimate and proceed with the interaction.
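One defensive control that follows directly from the typosquatted-handle technique described above is to compare every new Telegram handle that makes contact against a list of known, trusted contacts and flag near-misses before anyone acts on an offer. The following is an added illustration, not code from Cado Security Labs or from the article; the trusted handles, the homoglyph table and the edit-distance threshold are constructed assumptions.

```python
# Added example, not from the original article or the Cado Security Labs
# report: flag Telegram handles that are near-duplicates of trusted contacts.
# Trusted handles below are constructed placeholders.
TRUSTED_CONTACTS = ["alice_web3", "bob_devrel", "carol_cto"]

# Common look-alike substitutions seen in impersonation handles (assumed list).
# Applied to both sides before comparison, so "0" and "o" collapse together.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}


def normalize(handle: str) -> str:
    """Lower-case, strip a leading '@', and fold look-alike characters."""
    h = handle.lower().lstrip("@")
    for src, dst in HOMOGLYPHS.items():
        h = h.replace(src, dst)
    return h


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with a two-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def typosquat_match(handle: str, trusted=TRUSTED_CONTACTS, max_distance: int = 1):
    """Return the trusted contact `handle` appears to impersonate, else None.

    An exact (case-insensitive) match is the genuine contact and is never
    flagged. A handle is flagged when, after homoglyph folding, it equals a
    trusted handle or sits within `max_distance` edits of one.
    """
    raw = handle.lower().lstrip("@")
    if raw in {c.lower() for c in trusted}:
        return None
    norm = normalize(handle)
    for contact in trusted:
        contact_norm = normalize(contact)
        if norm == contact_norm or edit_distance(norm, contact_norm) <= max_distance:
            return contact
    return None


def triage(handles, trusted=TRUSTED_CONTACTS):
    """Map each suspicious incoming handle to the contact it resembles."""
    flagged = {}
    for h in handles:
        target = typosquat_match(h, trusted)
        if target is not None:
            flagged[h] = target
    return flagged


if __name__ == "__main__":
    # Constructed sample of handles that initiated a conversation today.
    incoming = ["@alice_web3", "@a1ice_web3", "@bob_devrell", "@carol_ct0", "@dave_founder"]
    for handle, looks_like in triage(incoming).items():
        print(f"{handle} resembles trusted contact {looks_like}; verify out-of-band before replying")
```

The check is deliberately conservative (one edit, or a homoglyph-only difference) so that it flags the deceptive variations the article describes without drowning a team in false positives; a flagged handle should be verified through a channel that already exists with the real contact, not by replying in the same chat.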
Malware Hidden Behind a Fake Meeting App
Once the victim is drawn in, they are invited to a video call using a business meeting application called Meeten.
However, this app is far from genuine.
Researchers report that Meeten has been rebranded multiple times, previously operating under names like Meetio, Meetone, Clusee, and Cuesee.
The attackers use these variations to enhance credibility and lure victims further.
To add another layer of believability, Meeten comes with a professional-looking website.
Victims are met with a fake error message during the call, claiming they need to reinstall the app or connect through a VPN.
This false message is intentionally designed to prompt victims into further actions while allowing the malware to operate undetected in the background.
Realst Malware Steals Cryptocurrency and Sensitive Information
The malware involved is identified as Realst, a type of infostealing program that surreptitiously harvests sensitive data from a victim’s device.
Once installed, Realst steals Telegram credentials, banking card details, browser cookies, and login credentials stored in the browser.
Additionally, it targets Keychain credentials and other stored access points, leaving victims vulnerable to financial theft.
Experts believe the primary goal of these attacks is cryptocurrency theft, given the high proportion of victims connected to the Web3 industry.
This would align with the campaign's strategy of targeting individuals who are likely to have access to digital assets.
A History of Success for Similar Fake Job Scams
The use of fake job offers as a hacking tactic is not new.
State-sponsored groups such as Lazarus, linked to North Korea, have exploited this approach for years.
Notably, one Lazarus attack led to one of the largest crypto heists in history, with hackers making off with an estimated $600 million in various cryptocurrencies.
The warning from Cado Security Labs highlights how these threats continue to evolve, employing social engineering and technological manipulation to exploit trust and opportunism.
Their findings suggest that this campaign could soon grow in scope, making it essential for Web3 professionals to exercise caution when engaging with new communications or job opportunities.
The full extent of Realst's reach remains unknown, but researchers are urging vigilance among anyone working in the crypto and blockchain industries.
Ensuring strong security measures, confirming communications, and staying informed are vital steps to avoid falling victim to similar schemes.