AI is making life easier not just for us but also for cybercriminals. It is enabling them to create elaborate campaigns to deceive people, efforts that would otherwise take months. Security researchers have discovered a new info stealer malware that masquerades as video calling software. Hackers have built a whole website and set up companies using AI to make the malware appear harmless. They have even created social media accounts to add an extra layer of legitimacy. People are tricked into installing malicious video calling software, and once they do, it steals their personal data and cryptocurrency.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
What you need to know about the malware
Cado Security Labs have uncovered a new, sophisticated scam targeting people. The scam involves a crypto stealer called Realst, which has versions for both macOS and Windows and has been active for about four months.
The hackers behind this malware have gone all out, setting up fake company websites complete with AI-generated blogs, product content, and social media accounts on platforms like Twitter and Medium. The company they’re pretending to be is called “Meetio,” though they’ve used different names in the past few months, including Clusee, Cuesee, Meeten, and Meetone.
The scam works in a few different ways. Often, users are contacted on Telegram by someone pretending to be a friend or acquaintance. The scammers pitch a business opportunity and ask to schedule a call. In one case, the scammer even sent an investment presentation from the target’s own company, making the scam feel more real and personal. Other victims report being on Web3-related calls, downloading the software, and having their cryptocurrency stolen.
Once the scammer makes contact, the target is usually directed to the Meeten website to download the malicious software. But even before the malware is installed, the website has JavaScript that can steal cryptocurrency stored in web browsers. It’s a multi-step scam that’s well-designed to trick you.
4.3 MILLION AMERICANS EXPOSED IN MASSIVE HEALTH SAVINGS ACCOUNT DATA BREACH
How the malware works
Once the victim is sent to the “Meeten” website, they’re given the option to download the software. The file they download contains a program called “fastquery,” though other versions of the malware come as a different file type (DMG) with a multi-architecture setup.
When the victim opens the program, two error messages pop up. The first one says, “Cannot connect to the server. Please reinstall or use a VPN,” and has a “continue” button. The malware also uses a macOS tool to ask the user for their password, a common trick in macOS malware.
The malware then looks through various files on the victim’s computer to find sensitive information, such as passwords and account details. It creates a folder to store this stolen data, then compresses it into a zip file. This zip file, along with some system data, is sent to a remote server. The server receives information like the system’s build version, along with the stolen data.
Once the data is sent, the malware deletes any temporary files it created. The stealer is capable of grabbing sensitive information like Telegram credentials, banking card details, and data from web browsers (like Google Chrome, Opera, Brave, Microsoft Edge, Arc, CocCoc, and Vivaldi). It can steal things like saved passwords, cookies, and browsing history.
MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC
6 ways you can stay safe from sneaky macOS malware
1) Verify sources before downloading software: Always ensure that you are downloading software from legitimate, trusted sources. Be cautious of downloading anything from links sent via unsolicited messages or emails, especially if they involve urgent requests or business opportunities.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Holiday Special for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers:
- Option 1: $19 / 5 licenses (protects 5 devices)
- Option 2: $14.95 / 3 devices (protects 3 devices)
2) Be cautious of unexpected contact: If you receive messages from unfamiliar contacts on platforms like Telegram or social media, especially those asking you to schedule calls or discuss business opportunities, verify the identity of the sender before taking any action. Cybercriminals often pose as friends or colleagues to gain trust.
3) Enable two-factor authentication (2FA): Use 2FA on your accounts, particularly for sensitive services like cryptocurrency wallets, banking, and messaging apps. This adds an extra layer of protection in case your credentials are compromised.
4) Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A password manager can be incredibly helpful here—it generates and stores complex passwords for you, making them difficult for hackers to crack.
It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches. Get more details about my best expert-reviewed Password Managers of 2024 here.
5) Keep your software updated: Ensure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS and your apps to stay protected without having to manually check for updates. If you need more help, see my guide on keeping all your devices updated.
6) Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach, and cuts down on the chances that potential attackers will find you or contact you in the first place.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special Holiday Deal for CyberGuy Readers (65% off – lowest price anywhere): Incogni offers a 30-day money-back guarantee and an exclusive CyberGuy discount available only through the links in this article. Pricing is just $5.24/month for an individual plan (billed annually) or $11.54/month for a family plan (up to 4 people), both providing fully automated data removal services, including recurring removal from over 190 data brokers. I recommend the family plan—it breaks down to only $2.89 per person per month for comprehensive, year-round coverage. This is an outstanding service, and I highly recommend giving it a try to see the benefits for yourself.
Get Incogni for your family (up to 4 people) here
Kurt’s key takeaway
AI is enabling scammers to launch malicious campaigns at a scale we’ve never seen before, and it’s likely to get worse as AI models continue to improve. This makes it crucial to have tools that can detect AI-generated content, helping people better protect themselves against these scams. In the meantime, rely on your common sense, watch out for red flags, and only install software from reputable platforms. For video calls, stick to well-known and trusted platforms like Zoom, FaceTime, Google Meet, and Webex. If someone sends you a random video call link, politely ask them to schedule the call using one of these trusted platforms instead.
Should companies be doing more to help users detect and protect themselves from AI-powered scams? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.