As malicious hackers continue to threaten the security of the digital assets space, those with the same skill sets but using their talents for good shared what crypto users can do to cover their bases against cybersecurity threats.
On July 26, malicious actors used a social engineering tactic to trick crypto users into downloading fake conferencing software to steal their crypto. Scammers posed as hiring staff of legitimate crypto companies advertising fake job positions to gain access to crypto wallets and steal user funds.
In an interview with Cointelegraph, ethical hackers Kirill Firsov and Marwan Hachem shared details about an investigation they conducted into the fake conferencing software called Meetly.gg and detailed what users can do to prevent themselves from losing their crypto.
Uncovering software used by hackers
Hachem, the chief operating officer of the cybersecurity firm FearsOff, said that on July 26, their team received a distress call from a C-level official of a crypto firm. The cybersecurity professional said that as they tried to investigate the issue, they found out how the hackers operated.
Firsov, the founder and CEO of the cybersecurity firm FearsOff, explained that they had downloaded the fake software and had run it into an isolated environment to find out how it worked. The security professional said that after launching the app, it takes the user’s data and sends it to the malicious actors. He explained:
“After you launch the application, it immediately sends all the critical information about the computer, including all critical data and crypto wallets, to an external server.”
Firsov explained that hackers are looking for data related to crypto wallets and are searching for details like passwords, access codes and keys. “People usually keep passwords not only in safe environments but also in plain text and nodes,” Firsov added.
The cybersecurity professional explained that hackers will use whatever data they find to reach their goal of stealing user’s crypto.
During their investigation, the security executives also noted that they uncovered another piece of software used by the same scammers. They warned users of a site called Clusee.com, which hackers use to steal user funds.
On Aug. 5, the security professionals tracked the scammers and noted that they have rebranded their “Meetly.gg” site and are planning to redeploy it with a new name called “Meeten.gg.”
Related: FBI issues warning about scammers impersonating crypto exchanges
How to protect your crypto
When asked how users can avoid falling prey to such scammers, Hachem gave some tips, including compartmentalizing their devices and taking time to know their counterparties.
According to the security professional, compartmentalizing or using different devices to interact with unknown sources can help prevent compromises.
“I know 99% of people don’t keep one device or a couple of devices for this kind of interaction with people like potential employees, employers, investors or projects.”
Hachem explained that this could help users isolate the software in case users fall for the social engineering aspect of the attack.
The FearsOff executive also highlighted that users should spend more time doing their due diligence and getting to know their counterparties, as many of these attackers use trusted platforms like LinkedIn to perform attacks.
“These days, we have to take a deep breath, take a couple of steps back whenever somebody is trying to share something to install, for whatever reason,” Hachem added.
Magazine: Asia Express: WazirX hackers prepped 8 days before attack, swindlers fake fiat for USDT