An ongoing social engineering campaign targets cryptocurrency users through fake startup companies that trick users into downloading malware. These operations pose as companies in well-known sectors like AI, gaming, and Web3, using spoofed social media accounts and legitimate platforms for documentation. The campaign, which has evolved from earlier tactics involving bogus videoconferencing services, remains active and increasingly sophisticated. Attackers use compromised verified social media accounts to lure targets and create a façade of legitimacy, continuing to pose a significant threat to digital asset security.
These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and GitHub.
The attackers have been observed leveraging compromised X accounts associated with companies and employees, primarily those that are verified, to approach prospective targets and give their fake companies an illusion of legitimacy.
In the earlier videoconferencing-themed activity, users who downloaded the purported meeting software were stealthily infected with stealer malware such as Realst.
That campaign was codenamed Meeten by Cado Security in reference to one of the phony videoconferencing services.