Close Menu
Web StatWeb Stat
  • Home
  • News
  • United Kingdom
  • Misinformation
  • Disinformation
  • AI Fake News
  • False News
  • Guides
Trending

WNEP – YouTube

August 29, 2025

USC shooter scare prompts misinformation concerns in SC

August 27, 2025

Verifying Russian propagandists’ claim that Ukraine has lost 1.7 million soldiers

August 27, 2025
Facebook X (Twitter) Instagram
Web StatWeb Stat
  • Home
  • News
  • United Kingdom
  • Misinformation
  • Disinformation
  • AI Fake News
  • False News
  • Guides
Subscribe
Web StatWeb Stat
Home»AI Fake News
AI Fake News

Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord

News RoomBy News RoomJuly 10, 2025Updated:July 10, 20253 Mins Read
Facebook Twitter Pinterest WhatsApp Telegram Email LinkedIn Tumblr

crises and financial exploitation of responders

July 10, 2025. Cryptocurrency users are once again targets of a ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and GitHub. Examples of such malware include stealer malware like Realst and have been adopted by Cado Security as codenamed “Meeten.”

The campaign dates back to December 2024, with a previous iteration using bogus videoconferencing platforms to dupe victims into joining a meeting under the guise of discussing an investment opportunity after approaching them on messaging apps like Telegram. The latest findings from Darktrace reveal that the campaign continues to operate, with evidence of ongoing activity since at least March 2024, including the use of a non-existent “meethub[.]gg” domain forstealer malware like Realst.

The attackers have been observed leveraging compromised X accounts associated with various companies and employees, primarily verifying ones, to approach prospective targets. Each company’s professional服务平台 includes features such as a professional-looking website, professional employee profiles, whitepapers, and roadmaps. Many of these companies are listed below:

  • BeeSync (@BeeSyncAI, @AIBeeSync)
  • Buzzu (@BuzzuApp, @AI_Buzzu, @AppBuzzu, @BuzzuApp)
  • Cloudsign (@cloudsignapp)
  • DeXis (@DexisApp)
  • KlastAI (@KlastAI)
  • Lunelior
  • NexLoop (@n NexLoop)
  • NexoraCore
  • NexVoo (@Nexvoospace)
  • Pollens AI (@PollensApp, @PollensApp)
  • Slax (@SlaxApp, @Slax_project, @slaxproject)
  • Solune (@SoluneApp)
  • Swox (@SwoxApp, @Swox_AI, @swox Applying)
  • Wasper (@WasperSpace)
  • YondaAI (@yondaspace)

The attack chains begin when one of these adversary-controlled accounts threatens a victim through X, Telegram, or Discord, prompting them to test their software for cryptocurrency payment. If the target agrees, they are redirected to a fictitious website where they use their employee to gain access and download either a Windows Electron or an Apple disk image (DMG) file. On Windows systems, the malware demonstrates a Cloudflare verification screen, while macOS users are similarly tricked into deploying Atomic macOS Stealer (AMOS), a known infostealer. The malware then siphons documents and data, exfiltrating details, and transmits them to external servers.

The DMG binary is equipped with shell scripts designed to set up persistence and log application usage and user interactions, then transmit them to a remote server. Darktrace noted that this campaign shares tactical similarities with those orchestrated by a traffancers group called Crazy Evil, known for duplicating malware like StealC, AMOS, and Angel Drainer to hide legitimate companies from victims.

Despite the campaign’s widespread impact, it is unclear whether the incidents could be attributed solely to Crazy Evil or other subteams. The techniques described are akin to those executed by Mad Ike, highlighting the actors’ intent behind these vehicle tactics. This campaign underscores the growing sophistication of cybercrime, where attackers aim to deception users into downloading malicious software while also exploiting these efforts to steal cryptocurrency and disrupt financial institutions. Follow these companies on Twitter and LinkedIn to stay updated with the latest threats and credentials.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
News Room
  • Website

Keep Reading

Will Smith accused of using AI to fake crowds in concert video

How AI Is Shaping the Future of Digital Marketing

Google AI system promotes outlandish fake overview of Jeff Bezos mom’s funeral: report

Will Smi​​th Can’t Hide His Downfall As Fans Uncover Fake AI Crowd Amid Flop Summer Tour

Big-name publications red-faced after publishing AI-made fake news

Emily Portman and musicians on the mystery of fraudsters releasing songs in their name

Editors Picks

USC shooter scare prompts misinformation concerns in SC

August 27, 2025

Verifying Russian propagandists’ claim that Ukraine has lost 1.7 million soldiers

August 27, 2025

Elon Musk slammed for spreading misinformation after Dundee ‘blade’ incident

August 27, 2025

Indonesia summons TikTok & Meta, ask them to act on harmful

August 27, 2025

Police Scotland issues ‘misinformation’ warning after girl, 12, charged in Dundee

August 27, 2025

Latest Articles

Police issue misinformation warning after 12-year-old girl charged with carrying weapon in Dundee

August 27, 2025

After a lifetime developing vaccines, this ASU researcher’s new challenge is disinformation

August 27, 2025

Police issue ‘misinformation’ warning after 12-year-old girl arrested in Dundee

August 27, 2025

Subscribe to News

Get the latest news and updates directly to your inbox.

Facebook X (Twitter) Pinterest TikTok Instagram
Copyright © 2025 Web Stat. All Rights Reserved.
  • Privacy Policy
  • Terms
  • Contact

Type above and press Enter to search. Press Esc to cancel.