A recent report has warned of a sophisticated new phishing scam targeting unsuspecting crypto users. The scheme uses fake Zoom meeting links to trick investors into downloading malware that steals their assets.
Fake Zoom link steals private data
Blockchain security firm SlowMist warned investors on Friday that hackers were targeting crypto users with a sophisticated phishing scam to gain access to their sensitive data. The investigation revealed that malicious actors used “social engineering and Trojan techniques” to steal the victim’s private keys, wallet data, and other sensitive information.
According to the report, several X users posted information online about a phishing attack disguised as Zoom meeting links, with some victims installing malware and losing assets worth millions of dollars.
One victim says she was tricked into clicking on a fake Zoom meeting link and then into downloading and installing the malware on her computer. This resulted in the theft of 1 million USD0++ from the victim’s crypto wallet.
Victim explains Zoom phishing scam. Source: SlowMist
SlowMist explains that the hackers are using a fake domain resembling the original Zoom meeting link. Additionally, the website closely mimics the Zoom meeting interface, which prompts users to click the “Start Meeting” button.
However, this action does not open the Zoom app. Instead, it downloads the malware, tricking users into “reinstalling” the platform. Once it is installed, users are tricked into running a malicious script and entering their system password.
The blockchain security company discovered that this script collects information from the user’s device and sends it to the hacker:
After the malicious code collects system information, browser data, cryptocurrency wallet data, Telegram data, Notes data and Cookie data, it compresses the collected information and sends it to a server controlled by the hacker.
Additionally, the software runs other scripts that collect KeyChain data from the computer in an attempt to decrypt it. This allowed the hacker to access the wallet’s mnemonic phrases and private keys, making it easier to steal crypto assets.
SlowMist also tracked associated wallets, discovering that over $1 million in crypto, including USD0++, MORPHO, and ETH, was in addresses linked to the hacker. According to the report, the recently stolen MORPHO and USD0++ tokens were exchanged for 296 Ethereum (ETH) on December 23.
The funds were transferred to various crypto platforms, including Binance, Bybit and Gate.io, in an attempt to hide the ill-gotten gains. The security company advised users to check links carefully before clicking and avoid running unknown software and commands to protect their sensitive data and funds.
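The link check that this advice implies can be automated. The sketch below is an added example, not code from SlowMist's report or from this article: it classifies a link that claims to be a Zoom invite by its real host. The allowlist, the function names and the sample URLs (reserved .example names) are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains this organisation accepts for Zoom links.
TRUSTED_DOMAINS = ("zoom.us", "zoom.com")
BRAND = "zoom"
FOLD = str.maketrans({"0": "o"})  # fold the common digit-for-letter swap


def is_trusted_host(host: str) -> bool:
    """True for a trusted domain or a subdomain of one (match on a label boundary)."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_meeting_link(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unrelated'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "suspicious", "URL does not parse"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unrelated", "no host in URL"
    if is_trusted_host(host):
        if parts.scheme != "https":
            return "suspicious", "allowlisted host but not https"
        return "trusted", "host is on the allowlist"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious", "internationalised host outside the allowlist"
    if parts.username and BRAND in parts.username.lower():
        return "suspicious", "brand sits before '@'; real host is " + host
    if BRAND in host.translate(FOLD):
        return "suspicious", "brand string in a host outside the allowlist"
    return "unrelated", "host does not reference the brand"


# Constructed sample links (reserved .example names, not indicators from the report).
SAMPLES = [
    "https://us02web.zoom.us/j/1234567890",
    "https://zoom.us.join-meeting.example/j/1234567890",
    "https://zoom.us@meet.example/j/1234567890",
    "https://z00m-meeting.example/start",
    "https://calendar.example/invite",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_meeting_link(link), link)
```

Matching on a label boundary is what keeps a host such as notzoom.us, or one that merely begins with zoom.us, from passing as the real domain.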
Crypto hacks increase in 2024
According to a recent report from Chainalysis, crypto hacks have persisted in 2024, increasing by 21.07% compared to last year. The industry lost more than $2.2 billion to hackers, recording the third largest year in terms of total value stolen.
Additionally, this is the year with the highest number of individual hacks, recording 303 incidents at the time of writing. Private key compromises were the largest type of compromise, accounting for 43.8% of incidents, while centralized exchanges (CEX) were the most targeted platforms in Q2 and Q3.
This year has also seen some of the largest heists in the industry’s history, with DMM Bitcoin and WazirX exploits raking in around $540 million between May and July. Meanwhile, North Korean hackers were responsible for 60% of the total value stolen, with $1.34 billion linked to their attacks.
Ultimately, the report highlighted the need for the industry to address the “increasingly complex and evolving threat landscape”, suggesting a “collaborative approach between the public and private sectors” to effectively combat these challenges in the future.
Total crypto market capitalization is at $3.28 trillion in the one-week chart. Source: TOTAL on TradingView