Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software
A threat actor who goes by the alias markopolo has been identified as being behind a large-scale, cross-platform scam that targets digital currency users on social media with information-stealer malware and carries out cryptocurrency theft.
Downloading the booby-trapped application requires victims to provide a Room ID, a unique identifier for a meeting invitation that is propagated via replies to the Vortax account, direct messages, and cryptocurrency-related Discord and Telegram channels. Once a user enters the necessary Room ID on the Vortax website, they are redirected to a Dropbox link or an external website that stages an installer for the software, which ultimately leads to the deployment of the stealer malware.
"Cybercriminals have now found a way to exploit the facility provided by cloud storage to host static websites (typically .HTML files) containing embedded spam URLs in their source code," security researcher Manoj Kumar said. In the final stage, the website automatically redirects users to the embedded spam URLs or dynamically generated URLs using JavaScript and deceives them into parting with personal and financial information.
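For defenders triaging static HTML files found on cloud storage, the redirect behaviour described above can be checked for directly. The following is an added example, not code from the researchers or the original report: it flags pages that send the browser off the hosting domain through a meta refresh, a literal JavaScript redirect, or a URL built at run time. The names `RedirectScanner` and `scan`, the hostnames and the sample pages are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Navigation sinks with a literal destination, e.g. location.href = "https://...".
JS_LITERAL = re.compile(
    r"""location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""", re.I)
# Sinks whose destination is an expression, i.e. a URL generated at run time.
JS_DYNAMIC = re.compile(
    r"""location(?:\.href)?\s*=\s*[^"'\s;=]"""
    r"""|location\.(?:replace|assign)\(\s*[^"'\s)]""", re.I)
META_URL = re.compile(r"""url\s*=\s*["']?([^"';\s]+)""", re.I)

class RedirectScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_script, self.findings = False, []  # findings: (kind, url or None)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = META_URL.search(a.get("content") or "")
            if m:
                self.findings.append(("meta-refresh", m.group(1)))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.findings += [("js-literal", a or b) for a, b in JS_LITERAL.findall(data)]
            if JS_DYNAMIC.search(data):
                self.findings.append(("js-dynamic", None))

def scan(html, hosting_host):
    """Return (kind, destination host) for redirects that leave the hosting domain."""
    p = RedirectScanner()
    p.feed(html)
    p.close()
    return [(k, urlparse(u).hostname if u else None) for k, u in p.findings
            if u is None or urlparse(u).hostname not in (None, hosting_host)]

# Constructed sample pages (not taken from any real campaign).
STATIC = '<html><head><meta http-equiv="refresh" content="0; url=https://landing.example.net/offer"></head></html>'
DYNAMIC = '<script>var p=["https://","promo",".example.org/"];window.location.href = p.join("");</script>'
SAME_HOST = '<script>location.href = "https://bucket.storage.example.com/page2.html";</script>'
```

A `js-dynamic` finding carries no destination host because the URL only exists once the script runs; such pages need review in an isolated browser or sandbox.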
Reference: Hacker news.