"Fake Meeting Software Spreads macOS Infostealer"

Security researchers at Insikt Group recently observed a widespread malicious campaign targeting cryptocurrency users and involving Vortax, a fake virtual meeting software.  Vortax has a presence on social media and is marketed as a cross-platform and in-browser enterprise-focused alternative to other video chat services that leverages artificial intelligence to generate meeting summaries and action items and suggest questions or comments with its “MeetingGPT” product.  The researchers noted that once Vortax is installed, three information stealers (Rhadamanthys, Stealc, and Atomic macOS Stealer, also known as AMOS) are installed in an extensive campaign aimed at cryptocurrency theft.  The researchers noted that the third infostealer, AMOS, is of particular importance because it’s a rare occurrence of a macOS infostealer, which is less common than its Windows counterparts.  Upon further investigation of the Vortax application, its network of associated accounts, and the malware it deployed, the researchers identified 23 other malicious macOS applications masquerading as legitimate.  Most of these were targeting virtual meeting software and cryptocurrency users.

 

Infosecurity Magazine reports: "Fake Meeting Software Spreads macOS Infostealer"

Submitted by Adam Ekwall on