A new malware campaign is targeting users with fake web3 gaming projects in an attempt to distribute infostealers across macOS and Windows platforms. The Russian-language cybercrime operation, uncovered by Insikt Group, is exploiting the growing popularity of blockchain-based gaming to spread malware and steal valuable information from unsuspecting victims.
According to cybersecurity analysts, the operation, named “Web of Deceit: The Rise of Imitation Web3 Gaming Scams and Malware Infections,” is believed to be orchestrated by Russian-speaking hackers. The campaign involves creating fake web3 gaming projects that closely mimic legitimate ones, as well as setting up fake social media accounts to add credibility to their schemes.
Once the malicious software is installed on a victim’s device, it can infect the system with infostealer malware tailored to the user’s operating system. This includes malware like Atomic macOS Stealer (AMOS), Stealc, Rhadamanthys, or RisePro, which are designed to steal sensitive information such as cryptocurrency from desktop wallets or extensions.
The cybercriminals behind the operation have established a sophisticated system that allows them to quickly adapt and rebrand their schemes to avoid detection. Private data such as operating system type, user-agent, IP address, and browser-connected crypto wallets is then sent to a pre-configured Telegram channel set up by the threat actors. The campaign further highlights a strategic shift towards exploiting emerging technologies and social engineering tactics.
While the full extent of the scam remains unclear, cybersecurity experts warn users to remain vigilant and practice good cyber hygiene to protect themselves from falling victim to such malicious schemes. The investigation serves as a stark reminder of the dangers posed by cybercriminals looking to exploit the intersection of technology and social engineering for financial gain.