Cado Security Labs has discovered a new malware campaign that uses AI-generated content to make its lure look legitimate. The strain is known as “Meeten,” after the fake meeting application that downloads an info-stealer component. Meeten’s primary targets appear to be Web3 professionals and their cryptocurrency wallets.
The scam begins when a target is contacted via Telegram about a potential investment, sometimes with an investment presentation attached. After the initial talks, the victim agrees to download Meeten to set up a call and is directed to a Meeten website that offers downloads for macOS, Windows, and Linux.
On macOS, attempting to open the application produces an error message that prompts the victim for their system password. Once the password is entered, the malware, a variant of the Realst stealer, iterates through various data stores, collects sensitive information into a staging folder, and exfiltrates it as a ZIP file.
According to Cado Security Labs’ researchers, the malware can steal Telegram credentials, payment card details, keychain (iCloud) credentials, browser cookies, autofill credentials, and the contents of Ledger and Trezor wallets.
On Windows, the Meeten installer is a Nullsoft Scriptable Install System (NSIS) package carrying a valid digital signature from “Brys Software,” most likely stolen. It unpacks an Electron application configured to download a Rust-based binary from an attacker-controlled domain. The signature is worth dwelling on: a valid Authenticode signature only proves that the holder of the signing key signed the file, not that the signer is the vendor the user believes they are downloading from, so a check that stops at “signature valid” would have waved this installer through.
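The following PowerShell function is an added example, not code from Cado Security Labs or from the original article. It shows the check the Brys Software signature calls for: verify that the installer is validly signed, then compare the signer’s certificate subject against the publishers you actually expect for that software, and treat a valid but unexpected signer as a separate, suspicious verdict rather than a pass. The file path and the expected-publisher list in the usage line are hypothetical.

```powershell
# Added example (not from Cado Security Labs or the article).
# Distinguishes "validly signed" from "signed by the publisher we expect".

function Test-InstallerPublisher {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        # Substrings expected in the signer's certificate subject,
        # e.g. 'CN=Example Vendor Inc'. These are supplied by the caller.
        [Parameter(Mandatory)] [string[]] $ExpectedSubjects
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Status is 'Valid' only when the signature verifies and chains to a trusted root.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path    = $Path
            Verdict = 'UNSIGNED_OR_INVALID'
            Status  = $sig.Status
            Signer  = $null
        }
    }

    $subject    = $sig.SignerCertificate.Subject
    $thumbprint = $sig.SignerCertificate.Thumbprint

    # A valid chain proves who holds the key, not that they are the vendor
    # the user intended to download from. Compare against the expected list.
    $match = $ExpectedSubjects | Where-Object { $subject -like "*$_*" }

    $verdict = if ($match) { 'TRUSTED_PUBLISHER' } else { 'VALID_BUT_UNEXPECTED_PUBLISHER' }

    [pscustomobject]@{
        Path       = $Path
        Verdict    = $verdict
        Status     = $sig.Status
        Signer     = $subject
        Thumbprint = $thumbprint
    }
}

# Hypothetical usage: the path and the expected subject are assumptions for illustration.
# An installer signed by "Brys Software" would come back as VALID_BUT_UNEXPECTED_PUBLISHER.
Test-InstallerPublisher -Path "$env:USERPROFILE\Downloads\MeetenSetup.exe" `
                        -ExpectedSubjects @('CN=Meeten')
```

Anything that returns `VALID_BUT_UNEXPECTED_PUBLISHER` deserves a second look before it runs, and the `Thumbprint` gives you something concrete to search for across other endpoints. On macOS the equivalent triage is `codesign -dv --verbose=4 <app bundle>`, whose `Authority=` and `TeamIdentifier=` lines identify the signer, followed by `spctl --assess --type execute <app bundle>` to see whether Gatekeeper would accept it.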
In most cases, the malicious application in question is known as Meeten, and it’s backed by a website filled with AI-generated content. However, the malware’s creators also use other names, such as Clusee, Cuesee, Meetone, and Meetio.
While much of the discussion about AI in cybercrime has focused on generating malicious code, Cado Security Labs warns that it is also being used to build convincing social engineering campaigns such as the one described in this article. Malicious Electron applications also appear to be an emerging trend, which is why the researchers recommend that users remain vigilant by “verifying sources, implementing strict security practices, and monitoring for suspicious activity.”