Fake video conferencing app is stealing passwords and spreading malware — how to stay safe

A shadowy hand reaches for the word 'PASSWORD' displayed on a computer screen.
(Image credit: Shutterstock)

Cado Security Labs has identified a Realst info-stealer that uses a fake meeting app to steal crypto wallets and inject malware. The scammers are tricking web3 workers into downloading an app, which has been called Meeten, Meetio, Meeten.gg, Meeten.us, Meetone.gg, Cluesee.com and Cuesee — it changes names frequently.

The threat actors use AI to generate and fill out blogs, websites and social media accounts on X and Medium to appear as legitimate companies before contacting targets and prompting them to download the app.

Once downloaded, the malware will search out sensitive information, including banking card details, Telegram logins, and information on crypto wallets – specifically Ledger, Trezor, Phantom and Binance wallets, which it sends back to the attackers. It can also search for browser cookies and autofill credentials from Google Chrome, Microsoft Edge and Opera, Brave, Arc, CocCoc and Vivaldi.

One user was contacted by someone impersonating an acquaintance who then sent an investment presentation from the target’s company to the target; others have reported being on calls related to web3 works and being instructed to download the software.

Increasingly, AI is being used to generate content for malware campaigns. According to Cado Security Labs, threat research lead Tara Gould, “Using AI enables threat actors to quickly create realistic website content that adds legitimacy to their scams and makes it more difficult to detect suspicious websites.”

These fake websites, which prompt victims to download malware instead of legitimate software, also contain JavaScript that can steal crypto wallets stored in web browsers – and that’s before it installs malware. According to Paul Scott, Solutions Engineer at Cado Security, “If a user has their wallet unlocked in their browser and visit a malicious website, the JavaScript on the site automatically checks if there are unlocked wallets present and will attempt to transfer crypto coins to a wallet the attacker controls.”

This campaign has been active for at least four months, has both macOS and Windows variants and appears to be a variant of the Realst infostealer first discovered in 2023 by security researcher iamdeadlyz.

How to stay safe

The researchers advise users to be careful when being approached about business opportunities — especially through Telegram. Even if the contact appears to be an existing, known contact, it is essential to verify the account. Always be diligent when opening links.

Never open anything from someone you don't know or are not expecting. If you receive a link, contact the sender and ask them if they've sent it and why. If they've sent something in Telegram and usually contact you in Slack, contact them on the platform where you typically discuss business.

Make sure you're using one of the best antivirus software and that it's current and up-to-date. Make sure you're using one of the best antivirus software and that it's current and up-to-date, or one of the best VPNs with browser-level threat protection included.

More from Tom's Guide

Network
Arrow
Intego
Norton
Contract Length
Arrow
Showing 2 of 2 deals
Filters
Arrow
Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 

Read more
A hacker typing quickly on a keyboard
Hackers are posing as Apple and Google to infect Macs with malware — don’t fall for these fake browser updates
One phone with skull and crossbones on screen among several other clean-looking phones.
Malicious iPhone apps are spreading screenshot-reading malware on the Apple App Store — how to stay safe
and image of the Google Chrome logo on a laptop
Google Docs under attack from info-stealing malware — how to keep your data and your emails safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
MacBook Pro 2023
Macs under attack from North Korean malware stealing passwords and more — how to stay safe
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
Latest in Online Security
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Latest in News
iPhone 16 Pro vs iPhone 16 Pro Max in hand showing displays
Forget iPhone 17 — iPhone 18 could get this huge upgrade
The new Husqvarna iQ series robot lawn mower.
Husqvarna’s new robot mowers offer GPS for less
Rendered images of rumored foldable iPhone.
Foldable iPhone report just revealed key details — here's what we know
NYTimes Connections
NYT Connections today hints and answers — Sunday, March 23 (#651)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #385 (Sunday, March 23 2025)
Nintendo Switch 2
Nintendo Switch 2 rumored specs — here’s what we know so far