Skip to main content

AI-powered deception: The sneaky macOS malware masquerading as your next video call

Artificial intelligence is making life easier for cybercriminals, allowing them to create elaborate scams to trick people. Kurt the Cyberguy explains how to protect yourself.

Artificial intelligence (AI) is making life easier not just for us but also for cybercriminals. 

It is enabling them to create elaborate campaigns to deceive people, efforts that would otherwise take months. Security researchers have discovered a new info stealer malware that masquerades as video-calling software. Hackers have built a whole website and set up companies using AI to make the malware appear harmless. 

They have even created social media accounts to add an extra layer of legitimacy. People are tricked into installing malicious video-calling software, and once they do, it steals their personal data and cryptocurrency.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Cado Security Labs has uncovered a new, sophisticated scam targeting people. The scam involves a crypto stealer called Realst, which has versions for both macOS and Windows and has been active for about four months. 

The hackers behind this malware have gone all out, setting up fake company websites complete with AI-generated blogs, product content and social media accounts on platforms like Twitter and Medium. The company they're pretending to be is called "Meetio," though they've used different names in the past few months, including Clusee, Cuesee, Meeten and Meetone.

The scam works in a few different ways. Often, users are contacted on Telegram by someone pretending to be a friend or acquaintance. The scammers pitch a business opportunity and ask to schedule a call. In one case, the scammer even sent an investment presentation from the target's own company, making the scam feel more real and personal. Other victims report being on Web3-related calls, downloading the software and having their cryptocurrency stolen.

Once the scammer makes contact, the target is usually directed to the Meeten website to download the malicious software. But even before the malware is installed, the website has JavaScript that can steal cryptocurrency stored in web browsers. It’s a multi-step scam that’s designed to trick you.

4.3 MILLION AMERICANS EXPOSED IN MASSIVE HEALTH SAVINGS ACCOUNT DATA BREACH

Once victims are sent to the "Meeten" website, they’re given the option to download the software. The file they download contains a program called "fastquery," though other versions of the malware come as a different file type (DMG) with a multi-architecture setup.

When the victim opens the program, two error messages pop up. The first one says, "Cannot connect to the server. Please reinstall or use a VPN," and has a "continue" button. The malware also uses a macOS tool to ask the user for a password, a common trick in macOS malware.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The malware then looks through various files on the victim's computer to find sensitive information, such as passwords and account details. It creates a folder to store this stolen data, then compresses it into a zip file. This zip file, along with some system data, is sent to a remote server. The server receives information like the system's build version, along with the stolen data.

Once the data is sent, the malware deletes any temporary files it created. The stealer is capable of grabbing sensitive information like Telegram credentials, banking card details and data from web browsers (like Google Chrome, Opera, Brave, Microsoft Edge, Arc, CocCoc and Vivaldi). It can steal things like saved passwords, cookies and browsing history.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

1. Verify sources before downloading software: Always ensure that you are downloading software from legitimate, trusted sources. Be cautious of downloading anything from links sent via unsolicited messages or emails, especially if they involve urgent requests or business opportunities.

The best way to safeguard yourself against malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my top picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Be cautious of unexpected contact: If you receive messages from unfamiliar contacts on platforms like Telegram or social media, especially those asking you to schedule calls or discuss business opportunities, verify the identity of the sender before taking any action. Cybercriminals often pose as friends or colleagues to gain trust.

3. Enable two-factor authentication (2FA): Use 2FA on your accounts, particularly for sensitive services like cryptocurrency wallets, banking and messaging apps. This adds an extra layer of protection in case your credentials are compromised.

4. Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords for different sites or services. A password manager can be incredibly helpful here. It generates and stores complex passwords for you, making them difficult for hackers to crack.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches. Get more details about my best expert-reviewed Password Managers of 2024 here.

5. Keep your software updated: Ensure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS and your apps to stay protected without having to manually check for updates. If you need more help, see my guide on keeping all your devices updated.

6. Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach and cuts down on the chances that potential attackers will find you or contact you in the first place. Check out my top picks for data removal services here. 

AI is enabling scammers to launch malicious campaigns at a scale we've never seen before, and it's likely to get worse as AI models continue to improve. This makes it crucial to have tools that can detect AI-generated content, helping people better protect themselves against these scams. In the meantime, rely on your common sense, watch out for red flags and only install software from reputable platforms. For video calls, stick to well-known and trusted platforms like Zoom, FaceTime, Google Meet and Webex. If someone sends you a random video call link, politely ask them to schedule the call using one of these trusted platforms instead.

Should companies be doing more to help users detect and protect themselves from AI-powered scams? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com.  All rights reserved.

Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.