The threat actor tracked as "markopolo" has launched intrusions built around Vortax, a fraudulent virtual meeting application, as part of a sweeping cross-platform scam that distributes the Atomic macOS Stealer, Rhadamanthys, and StealC payloads to steal cryptocurrency, according to The Hacker News.
After victims are lured into downloading Vortax, which has been given an air of legitimacy through a Medium blog filled with AI-generated articles, the app asks them for a unique identifier; entering it redirects them to another website or a Dropbox link that ultimately delivers the stealer malware, an analysis from Recorded Future's Insikt Group revealed.
Cryptocurrency researcher ZachXBT reported that the scam has resulted in the theft of $245,000 worth of cryptocurrency.
"This campaign, primarily targeting cryptocurrency users, marks a significant rise in macOS security threats and reveals an expansive network of malicious applications," said Insikt Group researchers, who also noted the threat actor's agility in adopting new lures for its attacks.