Close Menu
Web StatWeb Stat
  • Home
  • News
  • United Kingdom
  • Misinformation
  • Disinformation
  • AI Fake News
  • False News
  • Guides
Trending

AI and misinformation are supercharging the risk of nuclear war

August 3, 2025

How News Coverage of Misinformation Shapes Perceptions and Trust

August 3, 2025

Stop Suffering From Pain!

August 3, 2025
Facebook X (Twitter) Instagram
Web StatWeb Stat
  • Home
  • News
  • United Kingdom
  • Misinformation
  • Disinformation
  • AI Fake News
  • False News
  • Guides
Subscribe
Web StatWeb Stat
Home»AI Fake News
AI Fake News

Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord

News RoomBy News RoomJuly 10, 2025Updated:July 10, 20253 Mins Read
Facebook Twitter Pinterest WhatsApp Telegram Email LinkedIn Tumblr

crises and financial exploitation of responders

July 10, 2025. Cryptocurrency users are once again targets of a ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and GitHub. Examples of such malware include stealer malware like Realst and have been adopted by Cado Security as codenamed “Meeten.”

The campaign dates back to December 2024, with a previous iteration using bogus videoconferencing platforms to dupe victims into joining a meeting under the guise of discussing an investment opportunity after approaching them on messaging apps like Telegram. The latest findings from Darktrace reveal that the campaign continues to operate, with evidence of ongoing activity since at least March 2024, including the use of a non-existent “meethub[.]gg” domain forstealer malware like Realst.

The attackers have been observed leveraging compromised X accounts associated with various companies and employees, primarily verifying ones, to approach prospective targets. Each company’s professional服务平台 includes features such as a professional-looking website, professional employee profiles, whitepapers, and roadmaps. Many of these companies are listed below:

  • BeeSync (@BeeSyncAI, @AIBeeSync)
  • Buzzu (@BuzzuApp, @AI_Buzzu, @AppBuzzu, @BuzzuApp)
  • Cloudsign (@cloudsignapp)
  • DeXis (@DexisApp)
  • KlastAI (@KlastAI)
  • Lunelior
  • NexLoop (@n NexLoop)
  • NexoraCore
  • NexVoo (@Nexvoospace)
  • Pollens AI (@PollensApp, @PollensApp)
  • Slax (@SlaxApp, @Slax_project, @slaxproject)
  • Solune (@SoluneApp)
  • Swox (@SwoxApp, @Swox_AI, @swox Applying)
  • Wasper (@WasperSpace)
  • YondaAI (@yondaspace)

The attack chains begin when one of these adversary-controlled accounts threatens a victim through X, Telegram, or Discord, prompting them to test their software for cryptocurrency payment. If the target agrees, they are redirected to a fictitious website where they use their employee to gain access and download either a Windows Electron or an Apple disk image (DMG) file. On Windows systems, the malware demonstrates a Cloudflare verification screen, while macOS users are similarly tricked into deploying Atomic macOS Stealer (AMOS), a known infostealer. The malware then siphons documents and data, exfiltrating details, and transmits them to external servers.

The DMG binary is equipped with shell scripts designed to set up persistence and log application usage and user interactions, then transmit them to a remote server. Darktrace noted that this campaign shares tactical similarities with those orchestrated by a traffancers group called Crazy Evil, known for duplicating malware like StealC, AMOS, and Angel Drainer to hide legitimate companies from victims.

Despite the campaign’s widespread impact, it is unclear whether the incidents could be attributed solely to Crazy Evil or other subteams. The techniques described are akin to those executed by Mad Ike, highlighting the actors’ intent behind these vehicle tactics. This campaign underscores the growing sophistication of cybercrime, where attackers aim to deception users into downloading malicious software while also exploiting these efforts to steal cryptocurrency and disrupt financial institutions. Follow these companies on Twitter and LinkedIn to stay updated with the latest threats and credentials.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
News Room
  • Website

Keep Reading

Guernsey AI scam targets islanders with fake Chief Minister posts

Men’s Health deletes ‘fake news’ from Luka Dončić feature

Iran-Israel AI War Propaganda Is a Warning to the World

Creating realistic deepfakes is getting easier. Fighting back may take even more AI

Spanish teenager investigated on suspicion of creating AI-generated nude videos | Spain

Opinion: Saudi Analysts Expose Pakistan Army’s Fake AI Song Deepfaking Rashed Al-Faris | Opinion News

Editors Picks

How News Coverage of Misinformation Shapes Perceptions and Trust

August 3, 2025

Stop Suffering From Pain!

August 3, 2025

‘Tharoor and team visited 33 countries, none blamed Pakistan’: Congress’s Mani Shankar Aiyar takes aim at party MP; alleges govt failed to counter misinformation | India News

August 3, 2025

Russia is strengthening its influence in Latin America under the guise of cultural cooperation – NSDC Center for Countering Disinformation

August 3, 2025

Moldovan President Warns of Russian Interference in Upcoming Parliamentary Elections

August 3, 2025

Latest Articles

Weather apps put more data than ever at our fingertips – and create the perfect storm for misinformation and anxiety

August 3, 2025

Vietnam denounces false claims, reaffirms collaboration with US in wartime missing accounting

August 3, 2025

Vantara refutes misinformation on elephant’s transfer

August 3, 2025

Subscribe to News

Get the latest news and updates directly to your inbox.

Facebook X (Twitter) Pinterest TikTok Instagram
Copyright © 2025 Web Stat. All Rights Reserved.
  • Privacy Policy
  • Terms
  • Contact

Type above and press Enter to search. Press Esc to cancel.