New Meeten Malware Targets macOS & Windows to Steal Logins

Researchers discovered a four-month malware campaign targeting cryptocurrency wallets on macOS and Windows. The malware, named Realst, utilizes a multi-pronged approach to steal login credentials and private keys. 

Attackers establish fake companies with constantly changing names (currently “Meetio,” but also “Clusee,” “Cuesee,” “Meeten.gg,” “Meeten.us,” and “Meetone.gg” in the past) to mask their malicious intent.

Social engineering tactics are carefully employed to create a veneer of legitimacy, where the attackers craft company websites replete with AI-generated content, including seemingly legitimate blogs, detailed product descriptions, and even social media accounts on platforms like Twitter and Medium. 

Downloads page on Meeten

Once installed, Realst furtively pilfers sensitive information, potentially including login credentials or private keys used to access cryptocurrency wallets, which empowers the attackers to siphon cryptocurrency holdings from unsuspecting victims.

Realst exhibits persistence mechanisms to ensure its continued presence on the infected system even after a reboot. To further evade detection, it injects itself into legitimate processes, potentially obfuscating its presence from security software. 

Folders and files created by Meeten

It also possesses data exfiltration capabilities, enabling the stolen information to be transmitted to a remote server under the control of the attackers, who could then use it to directly access and drain the victim’s cryptocurrency wallets.

The Cado Security report serves as a stark reminder of the importance of cybersecurity vigilance for users dealing with cryptocurrency wallets, and it emphasizes caution when downloading software, particularly from unfamiliar sources.

Digital Signature of Meeten

Employing robust, unique passwords for cryptocurrency wallets and adhering to multi-factor authentication (MFA) protocols can significantly enhance security and mitigate the risk of unauthorized access. 

By implementing these security best practices, users can reduce the attractiveness of their cryptocurrency holdings to malicious actors.

The campaign highlights the evolving tactics employed by cybercriminals: the use of social engineering and the creation of a fabricated online presence demonstrate a calculated effort to target cryptocurrency users specifically.

It emphasizes the need for user awareness and education on these tactics, alongside the importance of technical safeguards like strong passwords and MFA. By staying informed and implementing robust security practices, users can significantly improve their cryptocurrency security posture. 

Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Press. She is covering various cyber security incidents happening in the Cyber Space.
