Hi everyone,

Following up on my post about real-world crypto scams (check it out here), I want to alert you to a particularly insidious scam that’s been making the rounds lately. This one involves a fake virtual meeting software called Vortax and 23 other malicious apps.

A cybercriminal known as “markopolo” has been running a large-scale cross-platform scam that targets cryptocurrency users. This scam uses fake virtual meeting software to deliver information-stealing malware, leading to cryptocurrency theft. It’s a particularly nasty one because it appears very legitimate at first glance.

Here’s how it works:

  • The Setup: Markopolo’s scam uses a virtual meeting software called Vortax, along with 23 other apps, to deliver malware. The apps appear legitimate and even have a verified presence on social media, including a blog filled with AI-generated articles and a verified account on X (formerly Twitter) with a gold checkmark.
  • The Trap: Victims are tricked into downloading the software via replies to the Vortax account, direct messages, and cryptocurrency-related Discord and Telegram channels. They must provide a RoomID, which they receive through these channels, to download the app.
  • The Attack: Once the software is downloaded, it installs malware such as Rhadamanthys, StealC, and Atomic macOS Stealer (AMOS). This malware then steals sensitive information and cryptocurrency from the victims.
  • The Impact: This campaign has led to significant security threats, especially for macOS users. It showcases how versatile and adaptable these cybercriminals can be. The stolen data includes sensitive financial information, leading to substantial monetary losses.

How to Protect Yourself

  1. Verify Before You Trust: Always double-check the legitimacy of any software or app you download, especially if it comes from an unfamiliar source. Look for reviews and verify the developer’s information.
  2. Be Cautious of Links: Avoid clicking on links from unknown sources. Scammers often use legitimate-looking URLs to trick users.
  3. Use Strong Security Measures: Enable multifactor authentication (MFA) wherever possible to add an extra layer of security to your accounts.
  4. Report Suspicious Activity: If you come across any suspicious emails, links, or software, report them immediately. You can send them to me through the Incognito app, and I’ll help verify their legitimacy.

Stay vigilant and protect your digital assets. If you have any questions or need assistance, don’t hesitate to contact me through the Incognito app.

All the best,

Stephen McCormack