Russian cybercriminals use web3 games as a disguise to target macOS and Windows systems

A fresh malware scheme is disguising itself as web3 gaming projects to spread infostealers on both macOS and Windows platforms.
Insikt Group recently conducted an investigation that exposed a new cybercrime operation targeting users with fake web3 gaming initiatives that are designed to distribute malware. In a blog post on April 11, cybersecurity analysts at Insikt Group revealed that the malware is intended to steal information from both macOS and Windows users, taking advantage of the appeal of blockchain-based gaming for potential financial gains. The operation, named “Web of Deceit: The Rise of Imitation Web3 Gaming Scams and Malware Infections,” is believed to be carried out by Russian-speaking hackers, as indicated by artifacts found in the HTML code.
The campaign is reportedly focused on creating fake web3 gaming projects with small changes in names and branding to appear authentic. To attract victims, bad actors also create fake social media accounts to make their fraudulent schemes seem credible.
After installation, the malware infects victims’ devices with various types of infostealer malware such as Atomic macOS Stealer (AMOS), Stealc, Rhadamanthys, or RisePro, tailored to the user’s operating system.
The analysts noted that the cybercriminals have established a robust system that allows them to “quickly adapt by rebranding or shifting focus upon detection.” The investigation also revealed that malware variants like AMOS can infect both Intel and Apple M1 Macs in an attempt to steal cryptocurrency from desktop wallets or extensions.
Once private data such as the operating system type, user-agent, IP address, and browser-connected crypto wallets are extracted, they are sent to a pre-configured Telegram channel established by the threat actors, also in Russian. Although the full extent of the scam remains unclear, Insikt Group asserts that the latest malware underscores a “strategic shift toward exploiting the intersection of emerging technologies and social engineering.”