Meta Land ‘Job’ Malicious Download Scam

Info Stealer from downloading a game

Author

Cryptaveli
August 15, 2023

Malicious Download Scam - Redline Stealer

This scam uses advanced social engineering tactics to get you to download malicious software that steals all your information, including wallet passwords.

A RedLine Stealer can extract login credentials from a wide range of sources. It can also harvest information from browsers including wallet passwords.

If anyone ever comes up to you and wants to hire you for any position but you have to test a ‘game’ or ‘metaverse’, turn it down no matter how tempting the offer is. The download likely has 99.9% chance of being malicious and will steal all your information off of your computer. The real trick is that these guys have multiple Twitter/X profiles, working websites, and foot soldiers working for them who have a presence on X, Telegram, Discord, and other socials. Most have 1k+ followers.

The project and the team seem legit but they are there to make it look that way so they can steal all your assets.

For this particular scam empire, some of the names they go by are:

  • EcoTechLand

  • MatrixLands

  • MetaWorld

  • PlayMisterium

  • ImpulseFlow

  • CrystalPlay

  • MetaWorldMatrix

  • EcoLandTech

  • MatrixMeta

  • EcoMeta

And more…

There are 16.5k members in the Discord server and 42 boosts, that’s a lot for any project in web3. These are likely 99% bots with the rest being people involved in the scam or people they are trying to scam or recruit. Once they scam you, you are blocked from the server and by the team members on X.

As I type this one account on X got suspended and another one popped up.

The name was changed to what it looks like a placeholder until they can set up a new scam.

There are over 20 separate accounts involved in the scam, I have outlined each user in a Miro board HERE. There are various levels of devs, community managers, partners, and managers.

The thing that remains the same is the scamming by providing a malicious download in the form of a redline stealer.

ZachXBT on Twitter/X has tracked and reported some wallets, they have even stolen a couple BAYC. HERE and HERE are the wallet addresses he has reported on ChainAbuse.

HERE is their link3 account with all their socials. They provide a UK business account, but it is likely not theirs. I noticed that a few of them were French speaking as seen from their X history.

I am actively investigating this and will update as necessary. Please reach out if you have any information or was a victim of this scam.