Attacks involved the display of fraudulent Google Meet popup alerts, which would download the StealC or Rhadamanthys infostealers for Windows users and the AMOS Stealer payload for macOS users, according to a Sekoia analysis. Such intrusions are believed to have been conducted by the Slavic Nation Empire and Scamquerteo Team operations, which are associated with crypto scam teams Marko Polo and CryptoLove, respectively.

Source: SC Magazine