Network Security, Malware

Infostealer for crypto theft spread via fraudulent virtual meeting software

computer screen with programming code and a skull, concept of computer security, malware or hacker attack (3d render)

Intrusions leveraging the fraudulent virtual meeting software Vortax have been launched by the threat actor dubbed "markopolo" as part of a sweeping cross-platform scam distributing the Atomic macOS Stealer, Rhadamanthys, and StealC payloads for cryptocurrency exfiltration activities, according to The Hacker News.

After luring targets to download Vortax — which has been legitimized through a Medium blog with artificial intelligence-generated articles — the app would seek victims to provide a unique identifier, which when entered would redirect to another website or Dropbox link that would eventually prompt stealer malware deployment, an analysis from Recorded Future's Insikt Group revealed.

Such a scam was reported by cryptocurrency researcher ZachXBT to have resulted in the theft of $245,000 worth of cryptocurrency.

"This campaign, primarily targeting cryptocurrency users, marks a significant rise in macOS security threats and reveals an expansive network of malicious applications," said Insikt Group researchers, who also noted the threat actor's agility in adopting new lures for his attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.