Crypto Professionals Targeted by Fraudulent Meeting Applications

Information Security Media Group compiles a weekly summary of cybersecurity incidents in the digital asset space. This week, predators focused on crypto professionals leveraging fake meeting applications laden with malware, while the Australian legal system imposed an AU$8 million fine on Kraken’s operator, Bit Trade, over unauthorized practices. Furthermore, a Los Angeles court mandated five individuals implicated in a fraud scheme to pay $5 million to their victims. Polish authorities apprehended a former Russian cryptocurrency exchange owner, and actions were taken by FTX debtors to recover funds.

Additional Resource: OnDemand | NSM-8 Deadline July 2022: Keys for Implementing Quantum-Resistant Algorithms

Web3 professionals are increasingly falling victim to an evolving phishing campaign employing fraudulent meeting applications designed to capture sensitive credentials and cryptocurrency. Research by Cado Security Labs has highlighted how attackers utilize artificial intelligence to forge convincing online personas for fictitious companies like “Meeten” and “Meetio.”

These scammers frequently masquerade as trustworthy colleagues via messaging platforms such as Telegram, sometimes presenting counterfeit internal documents to gain credibility. Once trust is established, victims are urged to download compromised meeting applications.

The malware, known as Realst info-stealer, is crafted to operate on both macOS and Windows systems. In the macOS environment, it masquerades as a legitimate setup file, requesting users’ system passwords while siphoning off browser cookies, financial credentials, and cryptocurrency wallet information. For Windows, it employs an Electron application equipped with sophisticated obfuscation techniques to elude security measures.

Even before installation, malicious websites may execute JavaScript to extract cryptocurrency stored in web browsers. The Realst malware specifically targets popular browsers and wallet services, including Ledger and Binance, compressing the pilfered data into zip files directed to servers managed by the attackers.

In a significant regulatory action, an Australian federal court has ordered Bit Trade Pty Ltd, the operator of the Kraken cryptocurrency exchange in Australia, to pay AU$8 million for improperly offering a margin extension product to a clientele exceeding 1,100 customers.

The Australian Securities and Investments Commission (ASIC) identified that Bit Trade had provided these margin extensions, repayable in both digital and fiat currencies, without conducting a necessary target market determination since October 2021. The ruling pointed to a breach of design and distribution obligations and criticized the firm’s deficient compliance structure and profit-driven practices.

Victims collectively reported trading losses surpassing AU$5 million, with one visibly suffering a nearly AU$4 million setback. This marks the first penalty issued by ASIC for a breach of the target market determination requirements.

A U.S. district court in Los Angeles has mandated five individuals to collectively pay over $5 million for fraudulent activities that impacted 190 victims via a digital asset scheme, as stated by the Commodity Futures Trading Commission.

Operating under the name Icomtech, these individuals falsely promised substantial returns through Bitcoin trading from 2018 to 2019. Instead of delivering on these promises, the group absconded with investors’ funds, leaving many victims in precarious financial situations, regulators reported.

In a recent development, Polish police announced the arrest of Dmitry V., a former Russian cryptocurrency exchange operator sought in the United States on charges of fraud and money laundering. It is important to note that authorities in Poland withheld the suspect’s last name in compliance with privacy regulations.

Dmitry V. is linked to the now-defunct WEX exchange and was apprehended following a U.S. request for extradition. He faces serious allegations of involvement in financial crimes associated with one of the largest cryptocurrency platforms globally, risking a 20-year prison sentence if convicted, as per Polish law enforcement’s statements.

The WEX exchange, previously regarded as the largest in Russia, encountered a collapse in 2018 under allegations of misconduct.

In a recent filing with the U.S. Bankruptcy Court for the District of Delaware, FTX debtors have secured the recovery of over $14 million in political donations. This recovery process targets funds allocated at the direction of former CEO Sam Bankman-Fried prior to FTX’s dramatic collapse in 2022 (See: FTX Founder Arrested in Bahamas).

Recovered amounts include $6 million from the Democratic House Majority PAC and $3 million from the Democratic Senate Majority PAC, along with smaller contributions from state Democratic organizations. U.S. authorities have previously accused Bankman-Fried of misusing customer deposits for political financing.

Following FTX’s Chapter 11 filing in November 2022, a reorganization plan authorized by a judge in October 2024 could allow for the repayment of 98% of user claims, potentially covering 119% of their original account values.

While Bankman-Fried faced no charges related to campaign financing, he was found guilty of fraud and money laundering in November and is currently serving a 25-year sentence. Co-founder Gary Wang and former engineering director Nishad Singh received no prison time after cooperating with law enforcement.

Report contributed by Anviksha More, Information Security Media Group, Mumbai, India.