Crypto Mufasa

Phishing Alert: How Scammers Are Using Fake Zoom Links to Steal Crypto

In a sophisticated new phishing scam, hackers are targeting cryptocurrency holders by impersonating Zoom links to install malware, warns a cybersecurity expert.

Scammers Use Fake Zoom Links to Steal Crypto Holdings

Hackers have devised a new phishing scheme to target cryptocurrency investors through fake Zoom links, according to cybersecurity expert and NFT collector NFT_Dreww.eth. In a detailed Twitter thread, Drew highlighted the growing threat, revealing that over $300,000 has already been stolen through these malicious tactics.

Deceptive Tactics to Lure Victims

Scammers typically approach potential victims by offering fake opportunities such as intellectual property licensing, guest appearances on Twitter Spaces, or investment opportunities. They insist on discussing these offers via Zoom, providing a link that appears legitimate. Once clicked, the link initiates a download of a malicious file disguised as ZoomInstallerFull.exe, which, if executed, installs malware on the victim’s device.

Sophisticated Malware Deployment

The phishing link leads to a loading page that mimics Zoom, tricking users into believing they are joining a legitimate meeting. Meanwhile, the malware installs itself, bypassing Windows Defender and other antivirus software by adding itself to the exclusion list. This allows the malware to execute its payload and steal sensitive information, while the user remains unaware.

Challenges in Malware Detection

Drew emphasized that traditional virus detection tools often fail to catch this sophisticated malware. “Tools like VirusTotal are useful but not infallible,” he warned, noting that the malware’s encryption before deployment makes detection even harder. Artem Irgebaev, a smart contract triager at Immunefi, and Sudipan Sinha, CEO at Chainrisk Labs, both echoed these concerns, highlighting the limitations of antivirus software in detecting such advanced threats.

Identifying Fake Zoom Links

The phishing links used in this scam closely resemble legitimate Zoom URLs, making it easy for victims to be deceived. Drew explained that while Zoom uses domains like us02web.zoom.us, the scammers use similar-looking domains such as zoom.us50web.us or us50web-zoom.us. The subtle differences, such as a misplaced hyphen, can easily trick users into downloading malware.
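
The check described above can be automated. The following Python sketch is an added example, not code from Drew's thread or from Zoom: it treats a link as trusted only when its hostname is zoom.us or a subdomain of it, and flags any other host containing "zoom" as a lookalike. The function names, the single-entry allowlist and the sample paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: zoom.us is the only trusted registrable domain, because it is
# the one the article names (us02web.zoom.us). Extend for your environment.
TRUSTED_DOMAINS = {"zoom.us"}


def extract_host(url: str) -> str:
    """Return the lower-cased hostname a browser would connect to."""
    url = url.strip().replace("\\", "/")   # browsers treat '\' as '/'
    if "://" not in url:
        url = "https://" + url             # bare "host/path" pasted from a chat
    try:
        host = urlsplit(url).hostname or ""  # excludes any userinfo and port
    except ValueError:                       # malformed authority section
        return ""
    return host.rstrip(".").lower()


def classify_zoom_link(url: str) -> str:
    """Classify a link as 'trusted', 'lookalike' or 'unrelated'."""
    host = extract_host(url)
    # Match on a label boundary: the host must equal the trusted domain or
    # end with "." + domain. A plain substring or suffix test would accept
    # "us50web-zoom.us", where a hyphen stands in for the dot.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if "zoom" in host:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; the hostnames are the ones quoted in the
    # article, the paths are placeholders.
    samples = [
        "https://us02web.zoom.us/j/0000000000",
        "https://zoom.us50web.us/j/0000000000",
        "https://us50web-zoom.us/j/0000000000",
        "US02WEB.ZOOM.US:443/j/0000000000",
        "https://example.org/meeting",
    ]
    for link in samples:
        print(f"{classify_zoom_link(link):10} {link}")
```

A "trusted" result only says the hostname belongs to the allowlisted domain; it says nothing about whether the meeting invitation itself is genuine.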

Rising Threat of Crypto Crime

This phishing scam is part of a broader trend of increasing sophistication in crypto-related cybercrime. Europol’s latest Internet Organized Crime Threat Assessment indicates that as encryption and decentralization technologies advance, so too do the methods employed by cybercriminals. The report suggests that these technologies will continue to offer opportunities for anonymous and untraceable transactions, complicating efforts to combat cybercrime.

Preventive Measures and Awareness

To protect against such attacks, users are advised to double-check all URLs and remain cautious when receiving unsolicited offers. It is crucial to verify each character in a link, especially for high-stakes transactions involving cryptocurrency. Comprehensive cybersecurity measures, including user education and additional security layers, are essential to safeguarding digital assets.
