How it steals your personal data and cryptocurrency without you even knowing it until it's too late
By Kurt Knutsson, CyberGuy Report Fox News

Artificial intelligence (AI) is making life easier not just for us but also for cybercriminals.
It is enabling them to create elaborate campaigns to deceive people, efforts that would otherwise take months. Security researchers have discovered a new info stealer malware that masquerades as video-calling software. Hackers have built a whole website and set up companies using AI to make the malware appear harmless.
They have even created social media accounts to add an extra layer of legitimacy. People are tricked into installing malicious video-calling software, and once they do, it steals their personal data and cryptocurrency.

What you need to know about the malware
Cado Security Labs has uncovered a new, sophisticated scam targeting people. The scam involves a crypto stealer called Realst, which has versions for both macOS and Windows and has been active for about four months.
The hackers behind this malware have gone all out, setting up fake company websites complete with AI-generated blogs, product content and social media accounts on platforms like Twitter and Medium. The company they’re pretending to be is called “Meetio,” though they’ve used different names in the past few months, including Clusee, Cuesee, Meeten and Meetone.
The scam works in a few different ways. Often, users are contacted on Telegram by someone pretending to be a friend or acquaintance. The scammers pitch a business opportunity and ask to schedule a call. In one case, the scammer even sent an investment presentation from the target’s own company, making the scam feel more real and personal. Other victims report being on Web3-related calls, downloading the software and having their cryptocurrency stolen.
Once the scammer makes contact, the target is usually directed to the Meeten website to download the malicious software. But even before the malware is installed, the website has JavaScript that can steal cryptocurrency stored in web browsers. It’s a multi-step scam that’s designed to trick you.

How the malware works
Once victims are sent to the “Meeten” website, they’re given the option to download the software. The file they download contains a program called “fastquery,” though other versions of the malware come as a different file type (DMG) with a multi-architecture setup.
When the victim opens the program, two error messages pop up. The first one says, “Cannot connect to the server. Please reinstall or use a VPN,” and has a “continue” button. The malware also uses a macOS tool to ask the user for a password, a common trick in macOS malware.
The malware then looks through various files on the victim’s computer to find sensitive information, such as passwords and account details. It creates a folder to store this stolen data, then compresses it into a zip file. This zip file, along with some system data, is sent to a remote server. The server receives information like the system’s build version, along with the stolen data.
Once the data is sent, the malware deletes any temporary files it created. The stealer is capable of grabbing sensitive information like Telegram credentials, banking card details and data from web browsers (like Google Chrome, Opera, Brave, Microsoft Edge, Arc, CocCoc and Vivaldi). It can steal things like saved passwords, cookies and browsing history.
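For defenders, the sequence described above (read several browsers' saved data, zip it, send it out, delete the temporary files) can be turned into a correlation rule over endpoint telemetry. The sketch below is an added example, not code from Cado Security Labs or from this article; the event schema, paths, addresses and time window are constructed assumptions, and only the process name "fastquery" comes from the text.

```python
import posixpath
from collections import defaultdict

# Chromium profile files that hold saved passwords, cookies and history.
STORE_FILES = {"Login Data", "Cookies", "History"}

def detect_stage_and_exfil(events, min_profiles=2, window=300):
    """Return {pid: process name} for processes that read credential stores
    from several browser profiles, create a zip, connect out, then delete
    that zip, all within `window` seconds of the first store read."""
    state = defaultdict(lambda: {"profiles": set(), "first": None,
                                 "zips": set(), "sent": set()})
    flagged = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        st, action, target = state[ev["pid"]], ev["action"], ev["target"]
        if action == "file_read" and posixpath.basename(target) in STORE_FILES:
            st["profiles"].add(posixpath.dirname(target))
            if st["first"] is None:
                st["first"] = ev["ts"]
        elif action == "file_create" and target.lower().endswith(".zip"):
            if len(st["profiles"]) >= min_profiles:
                st["zips"].add(target)      # archive created after harvesting
        elif action == "net_connect":
            st["sent"] |= st["zips"]        # archives that existed at connect time
        elif action == "file_delete" and target in st["sent"]:
            if st["first"] is not None and ev["ts"] - st["first"] <= window:
                flagged[ev["pid"]] = ev["proc"]
    return flagged

# Constructed telemetry (hypothetical schema): ts, pid, proc, action, target.
APP = "/Users/alice/Library/Application Support"
_ROWS = [
    (0, 4242, "fastquery", "file_read", APP + "/Google/Chrome/Default/Login Data"),
    (1, 4242, "fastquery", "file_read", APP + "/BraveSoftware/Brave-Browser/Default/Cookies"),
    (2, 100, "Google Chrome", "file_read", APP + "/Google/Chrome/Default/History"),
    (3, 100, "Google Chrome", "net_connect", "198.51.100.7:443"),
    (4, 200, "backup", "file_create", "/tmp/b.zip"),
    (5, 4242, "fastquery", "file_create", "/tmp/example_stage/data.zip"),
    (6, 200, "backup", "net_connect", "198.51.100.9:443"),
    (7, 200, "backup", "file_delete", "/tmp/b.zip"),
    (8, 4242, "fastquery", "net_connect", "203.0.113.10:80"),
    (9, 4242, "fastquery", "file_delete", "/tmp/example_stage/data.zip"),
]
SAMPLE_EVENTS = [dict(zip(("ts", "pid", "proc", "action", "target"), r)) for r in _ROWS]

if __name__ == "__main__":
    print(detect_stage_and_exfil(SAMPLE_EVENTS))  # {4242: 'fastquery'}
```

A browser reading its own profile and a backup tool that zips and deletes files are both left alone; only the process that combines all four steps is flagged.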





