Cado Security Labs flags new malware targeting crypto wallets on Windows and macOS

A new malware disguises itself as a fake meeting app and targets cryptocurrency wallets and other sensitive information of web3 professionals.

The malware, called Realst, has been active for about four months and, disguised as a fake meeting app, has been targeting cryptocurrency wallets, browser-stored credentials, debit card details and hardware wallet information, according to cybersecurity firm Cado Security Labs.

The stealth malware, which can infiltrate both Windows and Mac operating systems, is distributed through AI-generated websites designed to look like a real platform, complete with fabricated product reviews, blog posts and social media accounts to bolster its credibility.

Researchers warned that scammers are “increasingly using AI to create content for their campaigns,” allowing them to easily “create realistic website content,” making scams harder to spot.

The app has changed names repeatedly and has appeared as Clusee[.]com, Cuesee, Meeten[.]gg, meeten[.]we and meetone[.]gg; it is now known as Meetio.

Social engineering plays a key role in this campaign, as scammers approach victims through social media platforms such as Telegram, often impersonating trusted individuals or using fabricated business opportunities to lure victims to their websites.

As an additional threat, the report warned that the websites in question run malicious JavaScript in the background that can “steal cryptocurrency stored in web browsers even before installing any malware.”

Similar tactics have been used to target crypto holders several times. Last month, a whale investor lost more than $6 million worth of cryptocurrency after clicking on a malicious link that scammers had socially engineered to impersonate the video conferencing platform Zoom.

The $50 million hack of decentralized finance protocol Radiant Capital was also the result of a social engineering scheme in which bad actors distributed malware disguised as PDF files.

Experts at Coinbase called social engineering scams the “number one threat to crypto enthusiasts” in an exclusive interview.

Scammers have managed to siphon billions worth of funds from the crypto industry over the years. In November alone, losses from crypto phishing scams were over $9 million.
