A new crypto scam uses a fake Zoom page to trick users into installing malware. Be careful!
Scammers never sleeps
On Monday, cybersecurity engineer and NFT collector known as NFT_Dreww warned X users about a highly sophisticated crypto scam involving fake Zoom links.
⛔Would you have caught this malicious Zoom link?..⛔
Scammers are getting extremely sophisticated, and have evolved their tactics to impersonate zoom which, if downloaded, takes everything from your device… Over $300K stolen so far…
Let's dive into how this happens ⤵️⤵️… pic.twitter.com/sb1xfOE0tf
— NFT_Dreww.eth (@nft_dreww) July 22, 2024
The scam has already resulted in $300,000 worth of stolen crypto.
Scammers target NFT holders or crypto investors, often inviting them to Zoom meetings for various reasons like licensing intellectual property or discussing new projects.
They send an invite link, but it’s a malicious link that appears to be for a Zoom meeting, while it’s not.
Anatomy of an attack
When clicked, it leads to a fake Zoom page that shows an infinite loading screen.
This prompts users to download a file, with the name ZoomInstallerFull.exe, which is actually malware.
After installation, users are redirected to the real Zoom platform, making them think everything is fine while their computer is being compromised. Ouch.
Once the fake installer is executed, it also adds itself to the Windows Defender exclusion list to avoid detection by antivirus software. It then extracts the user’s information like private keys while the fake loading screen distracts them.
Scammers frequently change domain names to avoid being flagged, with this is their fifth domain for the scam.
Stay safe!
Social engineering scams in the crypto world aren’t new, but they are constantly evolving.
Many crypto community members have reported receiving malicious emails from scammers, especially after major hacks or security breach events, pretending to be well-known crypto influencers, industry companies or executives.
These emails usually contain attachments that, if opened, would likely install crypto-stealing malware.
The best advice for users to stay vigilant and verify the legitimacy of any links or attachments they receive. Or never open attachments on a device with crypto wallet.
