A new method of stealing crypto has emerged, with hackers using fake Zoom meeting links to target unsuspecting users. In a blog post, SlowMist explains how attackers create counterfeit meeting invitations to trick people into downloading harmful software.
SlowMist illustrated the scheme with one such incident, in which a victim clicked on a Zoom meeting link that appeared genuine. Instead of joining a meeting, the victim unknowingly installed malicious software.
This program collected sensitive data, including cryptocurrency wallet information, and sent it to a server controlled by the hackers. The attackers then stole millions of dollars worth of cryptocurrency from the victim.
The scam begins with hackers creating fake Zoom links using domains that closely resemble legitimate ones, such as “app.us4zoom.us.” When users click on the link and press “Launch Meeting,” they are prompted to download a fake installation file. This file, once executed, launches malicious scripts that collect passwords, wallet keys, and other sensitive information.
The malware also targets browser and system data, including stored passwords and cryptocurrency wallets. The stolen information is sent to servers operated by the attackers, allowing them to drain victims’ crypto assets.
SlowMist’s investigation traced the funds stolen in these attacks. The hackers’ wallets revealed transactions totaling over $1 million, with funds moved through platforms like Binance, ChangeNOW, and MEXC. The attackers also used smaller transactions to mask their activities, making it harder to track the flow of stolen funds.
The firm identified the attackers as likely operating from Russia, as their scripts contained Russian-language commands and used the Telegram API to monitor their phishing attempts.
SlowMist is a cybersecurity company in the Web3 and blockchain space. Founded in 2018, it specializes in protecting blockchain ecosystems, smart contracts, and cryptocurrency platforms.
Its goal is to help individuals, businesses, and institutions safeguard their assets against hacks, phishing attacks, and other security threats prevalent in the decentralized finance (DeFi) and cryptocurrency industry.
SlowMist has assisted in tracking down stolen funds from major attacks, such as those targeting DeFi protocols and cryptocurrency exchanges. SlowMist collaborates with blockchain networks like Ethereum and Binance Smart Chain, providing ongoing security measures to enhance their ecosystems’ safety.
The firm advises users to always double-check the authenticity of meeting links sent to them, avoid downloading software from unverified sources, regularly update antivirus programs, and be cautious when prompted to enter passwords or execute unknown files.
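Part of that link check can be automated. The Python code below is an added example, not code from SlowMist or the article: it classifies a meeting URL's host against an assumed allowlist of Zoom domains (zoom.us and zoom.com) and flags imitations such as the “app.us4zoom.us” host mentioned earlier. The function names are hypothetical, and the last-two-labels rule is a simplification of a Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Assumption: Zoom's own registrable domains; replace with your allowlist.
TRUSTED = {"zoom.us", "zoom.com"}
BRAND = "zoom"
# Digits commonly swapped in for letters in lookalike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_meeting_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a meeting URL."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Simplification: the last two labels stand in for the registrable domain
    # (a production check would consult the Public Suffix List).
    registrable = ".".join(labels[-2:])
    if registrable in TRUSTED:
        return "trusted"
    # The brand anywhere in the authority (host labels, or userinfo before
    # '@'), after undoing digit-for-letter swaps, marks an imitation.
    if BRAND in parts.netloc.lower().translate(HOMOGLYPHS):
        return "lookalike"
    # A near-miss spelling of the brand as the second-level label.
    if len(labels) >= 2 and edit_distance(labels[-2].translate(HOMOGLYPHS), BRAND) <= 1:
        return "lookalike"
    return "unrelated"
```

A "lookalike" verdict is a reason to stop before pressing “Launch Meeting” or running any download the page offers; "trusted" only says the host belongs to an allowlisted domain.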