Web3 workers are the latest targets in a growing wave of cyberattacks, with scammers employing advanced tactics to steal sensitive data, including cryptocurrency credentials. According to Cado Security Labs, these cybercriminals have been leveraging artificial intelligence (AI) to create realistic company websites and social media accounts, luring victims into downloading malware-infested meeting apps.
Dubbed the Web3 Workers Scam, the attack uses a fake app (previously known as “Meeten” and now operating under names like “Meetio” and “Meetone.gg”) to infiltrate crypto wallets, browser cookies, and credentials. Once downloaded, the app injects the Realst info stealer, malware designed to extract valuable information from victims.
“This is a sophisticated campaign that uses AI-generated content to gain credibility and trust, targeting individuals within the Web3 ecosystem,” stated Tara Gould, threat research lead at Cado Security Labs, in a Dec. 6 report.
How the Web3 Workers Scam Operates
The scammers begin by impersonating legitimate companies, building convincing websites filled with AI-generated blogs, product descriptions, and social media profiles on platforms like X (formerly Twitter) and Medium. These fake websites are designed to appear professional, often mimicking known brands within the blockchain space.
Victims are usually approached through social engineering tactics, such as unsolicited messages on Telegram or other communication platforms. One notable case involved a scammer impersonating a known associate of the target, using insider knowledge to gain trust.
“The scammer even sent an investment presentation from the target’s company to him, showcasing the level of sophistication and targeting in these attacks,” Gould noted.
Once victims are persuaded to download the fake meeting app, the Realst info stealer goes to work. The malware can:
– Extract credentials from browsers like Google Chrome and Microsoft Edge.
– Steal login details for crypto wallets, including Ledger, Trezor, and Binance Wallets.
– Capture Telegram logins and banking card information.
To further compromise their targets, the fake websites often include JavaScript capable of extracting crypto stored in web browsers, even before the malware is installed.
Expanding the Scope of the Attack
The Web3 Workers Scam isn’t limited to a single platform. The malicious app has been distributed for both macOS and Windows, ensuring that it can reach a broader pool of victims. Cado Security Labs reported that this campaign has been active for approximately four months.
Gould highlighted the growing role of AI in enabling such scams. “While much of the recent focus has been on the potential of AI to create malware, threat actors are increasingly using AI to generate content for their campaigns. This adds a layer of legitimacy, making it harder to detect suspicious websites,” she explained.
Not an Isolated Incident
This attack is part of a larger trend of cybercriminals targeting the crypto space. In August, blockchain investigator ZachXBT uncovered a network of 21 developers, potentially tied to North Korea, who were operating under fake identities and working on various crypto projects.
Similarly, the FBI issued a warning in September about North Korean hackers using malware disguised as employment offers to target decentralized finance (DeFi) projects.
These incidents underscore the escalating threats within the blockchain and crypto industries. “The combination of AI-generated content and targeted social engineering is a game-changer for cybercriminals,” said cybersecurity analyst Richard Clark. “It’s creating a perfect storm of credibility and sophistication, making these scams increasingly difficult to identify.”
Protecting Web3 Workers
Given the rise of scams like the Web3 Workers Scam, experts emphasize the importance of vigilance and proactive cybersecurity measures. Here are some key tips for Web3 workers:
– Verify Communication Channels: Always confirm the identity of anyone contacting you about business opportunities, especially on platforms like Telegram.
– Inspect URLs and Websites: Be cautious of websites prompting you to download software. Check for inconsistencies in domain names and content.
– Use Antivirus and Anti-Malware Software: Ensure your devices are equipped with updated security tools to detect and block threats.
– Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security to your accounts, making it harder for attackers to gain access.
– Report Suspicious Activity: If you suspect a scam, report it to cybersecurity firms or local authorities.
The Industry’s Response
The rise of AI-driven scams like the Web3 Workers Scam has prompted discussions on how to mitigate such threats. Blockchain security firms and crypto organizations are urging greater collaboration to address these issues.
“This isn’t just a problem for individuals; it’s a systemic risk to the entire crypto ecosystem,” said Linda Zhang, a blockchain security expert. “We need better tools to detect AI-generated content and stronger community awareness to prevent these scams from succeeding.”
As Web3 continues to evolve, so do the threats it faces. The Web3 Workers Scam serves as a stark reminder of the need for constant vigilance and innovation in the fight against cybercrime.