Subscribe to our Telegram channel
Hackers learned how to steal cryptocurrency from macOS owners through video calling feature
Researchers from Insikt Group have discovered a new threat for macOS users. The Vortax malware poses as a virtual meeting application with video calling, but in fact spreads three types of ransomware: Rhadamanthys, Stealc, and Atomic macOS Stealer (AMOS). The malicious campaign is aimed at stealing cryptocurrencies and is run by a cybercriminal under the pseudonym «markopolo».
Insikt Group found that 23 other malicious applications for macOS are being distributed under the guise of legitimate virtual meeting software. The Vortax campaign is also linked to previous phishing attacks on macOS and Windows users through Web3 game lures.
The attackers are trying to legitimize Vortax on social media and the web by maintaining a Medium blog with allegedly AI-generated articles and having a verified account on the X platform with a golden checkmark. In order to download the infected app, victims are required to provide a unique meeting identifier (RoomID), which is distributed through replies to the Vortax account, personal messages, and cryptocurrency-related Discord and Telegram channels.
After entering the Room ID on the Vortax website, users are redirected to a Dropbox link or an external site where they download an installer containing malware. It is noteworthy that the malware is available not only for macOS but also for Windows.
One of the victims lost $ 245,000 after falling victim to the Vortax scam. After downloading and installing Vortax, the victim’s cryptocurrency assets were withdrawn from his wallets, transferred through several intermediate addresses, and deposited on an exchange. The malware simulates an error due to a missing software component and shuts down, preventing victims from joining the desired virtual meeting.
Insikt Group emphasized that users should carefully check downloaded programs and suspicious activity to protect their data and finances from cybercriminals and prevent fraudulent strategies from coming to fruition.