New Global Scam Uses Fake Meeting Links to Run PowerShell Malware

Arctic Wolf uncovered a BlueNoroff campaign targeting Web3 and crypto organizations that lures victims with deepfake impersonations and typosquatted meeting invites; when victims join, they are tricked into pasting a command that executes fileless PowerShell payloads which persist in memory, inject into Chromium browsers, and exfiltrate wallet keys and credentials—over 100 targets in 20+ countries were identified, primarily finance-related and high-profile individuals.