Fake Meeting Software Threat

A fake virtual meeting application called Vortax has been used in a large-scale malicious campaign targeting cryptocurrency users. A threat actor using the alias markopolo has been identified as driving the scam, which targets digital currency users on social media.

The campaign is clever in how it gains trust: Vortax has a legitimate presence on social media, including a verified account on X (formerly Twitter) that carries a gold checkmark.

Once a user has been enticed to download the booby-trapped application, they are required to provide a Room ID, a unique identifier for a meeting invitation.

When the relevant Room ID is entered on the Vortax website, the victim is redirected to a Dropbox link or an external website that stages an installer for the software.

Once installed, Vortax delivers three information stealers (infostealers) in cross-platform attacks. One, called AMOS, is of particular importance because it is a rare example of a macOS infostealer; these are less common than their Windows counterparts.

What can be done to mitigate the risks of the Vortax campaign?

  • Ensure that detection systems are regularly updated to prevent infections

  • Educate users on the risks of downloading unapproved software

  • Implement strict security controls to prevent the download of unlicensed software

Contact Romano Security Consulting today for help and advice on securing your organisation.
