Insikt Group has recently uncovered a new cybercrime operation that targets users with fake web3 gaming projects in order to distribute malware across macOS and Windows platforms. The operation, called “Web of Deceit: The Rise of Imitation Web3 Gaming Scams and Malware Infections,” is believed to be carried out by Russian-speaking hackers.
The malware is designed to steal information from both macOS and Windows users, taking advantage of the growing interest in blockchain-based gaming for potential financial gain. The cybercriminals behind the operation have been creating fake web3 gaming projects with small changes in names and branding to make them appear legitimate. They also use fake social media accounts to make their fraudulent schemes seem more trustworthy to potential victims.
Once installed on a victim’s device, the malware infects it with various infostealers, such as Atomic macOS Stealer (AMOS), Stealc, Rhadamanthys, or RisePro, depending on the user’s operating system. The cybercriminals have adapted quickly to detection by rebranding or shifting focus, which makes their activities difficult to track and stop.
The malware can infect both Intel and Apple M1 Macs and attempts to steal cryptocurrency from desktop wallets or extensions. The stolen private data, including information about the user’s operating system, user-agent, IP address, and browser-connected crypto wallets, is sent to a pre-configured Telegram channel set up by the threat actors, who also communicate in Russian.
The extent of the scam is still unclear, but Insikt Group warns that this new malware represents a strategic shift toward exploiting the intersection of emerging technologies and social engineering. This revelation highlights the need for users to be cautious and vigilant, especially when engaging with new and emerging technologies.