- by foxnews
- 06 Apr 2025
AI is enabling hackers to create elaborate campaigns to deceive people, efforts that would otherwise take months. Security researchers have discovered a new info stealer malware that masquerades as video-calling software. Hackers have built a whole website and set up companies using AI to make the malware appear harmless.
The hackers behind this malware have gone all out, setting up fake company websites complete with AI-generated blogs, product content and social media accounts on platforms like Twitter and Medium. The company they're pretending to be is called "Meetio," though they've used different names in the past few months, including Clusee, Cuesee, Meeten and Meetone.
The scam works in a few different ways. Often, users are contacted on Telegram by someone pretending to be a friend or acquaintance. The scammers pitch a business opportunity and ask to schedule a call. In one case, the scammer even sent an investment presentation from the target's own company, making the scam feel more real and personal. Other victims report being on Web3-related calls, downloading the software and having their cryptocurrency stolen.
Once victims are sent to the "Meeten" website, they're given the option to download the software. The file they download contains a program called "fastquery," though other versions of the malware come as a different file type (DMG) with a multi-architecture setup.
When the victim opens the program, two error messages pop up. The first one says, "Cannot connect to the server. Please reinstall or use a VPN," and has a "continue" button. The malware also uses a macOS tool to ask the user for a password, a common trick in macOS malware.
The malware then looks through various files on the victim's computer to find sensitive information, such as passwords and account details. It creates a folder to store this stolen data, then compresses it into a zip file. This zip file, along with some system data, is sent to a remote server. The server receives information like the system's build version, along with the stolen data.
Once the data is sent, the malware deletes any temporary files it created. The stealer is capable of grabbing sensitive information like Telegram credentials, banking card details and data from web browsers (like Google Chrome, Opera, Brave, Microsoft Edge, Arc, CocCoc and Vivaldi). It can steal things like saved passwords, cookies and browsing history.
1. Verify sources before downloading software: Always ensure that you are downloading software from legitimate, trusted sources. Be cautious of downloading anything from links sent via unsolicited messages or emails, especially if they involve urgent requests or business opportunities.
2. Be cautious of unexpected contact: If you receive messages from unfamiliar contacts on platforms like Telegram or social media, especially those asking you to schedule calls or discuss business opportunities, verify the identity of the sender before taking any action. Cybercriminals often pose as friends or colleagues to gain trust.
AI is enabling scammers to launch malicious campaigns at a scale we've never seen before, and it's likely to get worse as AI models continue to improve. This makes it crucial to have tools that can detect AI-generated content, helping people better protect themselves against these scams. In the meantime, rely on your common sense, watch out for red flags and only install software from reputable platforms. For video calls, stick to well-known and trusted platforms like Zoom, FaceTime, Google Meet and Webex. If someone sends you a random video call link, politely ask them to schedule the call using one of these trusted platforms instead.
Copyright 2024 CyberGuy.com. All rights reserved.