Malicious Zoom Malware: A New Threat to Crypto Users
A new form of cryptocurrency-stealing malware has emerged, targeting users of the popular cloud-based video conferencing platform Zoom. This malicious software is designed to redirect users to fake websites in an attempt to steal their cryptocurrency assets.
Discovery of the Malicious Scheme
On July 22, network security engineer “NFT_Dreww” uncovered the elaborate scam, where cybercriminals created a fake Zoom URL that closely resembled the legitimate video call link. The goal was to deceive unsuspecting users and lure them into downloading malware.
The Tactics of the Scammers
The attack starts with social engineering tactics, with scammers approaching potential victims under the guise of offering investment opportunities or inviting them to join cryptocurrency-related projects. By posing as legitimate market participants, scammers aim to gain the trust of their targets.
To make their fraudulent activities appear authentic, the scammers create fake Zoom URLs that closely mimic genuine Zoom links. They incorporate real meeting IDs and passwords to make the URLs seem legitimate at first glance.
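The following Python example is added here and is not from the original article. It shows why a real meeting ID and password in a link prove nothing: trust is decided by the host alone. The trusted domain list, the `/j/<ID>` path pattern and every sample URL are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains a genuine Zoom join link may be served from.
TRUSTED_DOMAINS = ("zoom.us", "zoom.com")
# Assumption: join links have the form /j/<9-11 digit meeting ID>.
MEETING_PATH = re.compile(r"^/j/\d{9,11}(/|$)")


def classify_link(url: str) -> str:
    """Classify a link as 'trusted', 'suspicious' or 'other'.

    Only the host decides trust. A valid-looking meeting ID or pwd= value
    in the path or query says nothing about who serves the page.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed authority: never trusted
        return "other"
    # .hostname drops any "user@" prefix and the port, and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    on_trusted_host = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if parts.scheme == "https" and on_trusted_host:
        return "trusted"
    # Borrowing Zoom's name or link shape without being on a trusted host is flagged.
    imitates_zoom = "zoom" in parts.netloc.lower() or bool(MEETING_PATH.match(parts.path))
    return "suspicious" if imitates_zoom else "other"


# Constructed sample links (reserved .example names, made-up meeting ID and password).
SAMPLES = [
    "https://us02web.zoom.us/j/81234567890?pwd=Q0nstructed",           # genuine host
    "https://zoom.us.join-meeting.example/j/81234567890?pwd=Q0nstructed",  # trusted name as subdomain
    "https://zoom.us@meet.example/j/81234567890",                      # trusted name as userinfo
    "https://notzoom.us/j/81234567890",                                # suffix without a dot boundary
    "https://meet.example/j/81234567890?pwd=Q0nstructed",              # Zoom-shaped path only
    "https://example.org/docs",                                        # unrelated link
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```
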
How the Malware Operates
When a user clicks on the fake Zoom link, they are directed to a malicious website that closely resembles the real Zoom platform. The user is prompted to download a file named “ZoomInstallerFull.exe,” which appears to be a legitimate installation process complete with terms and conditions.
Once the malware is installed on the victim’s system, it extracts sensitive user information while appearing to redirect the user to a legitimate Zoom URL. The malware even evades detection by adding itself to the Windows Defender exclusion list.
Security experts have reported that this scam has resulted in the theft of over $300,000 worth of funds from multiple victims. Users are advised to exercise caution when clicking on links received via social media and to avoid downloading any suspicious software.
With the cryptocurrency industry expanding rapidly, social engineering scams are becoming more sophisticated. Recent incidents, such as the compromise of the Ethereum Foundation’s email address, highlight the increasing prevalence of such fraudulent activities.
In the first half of 2024, these scams led to the theft of more than $300 million in cryptocurrency assets on the EVM chain, underscoring the need for heightened vigilance among crypto users.
The post Crypto scammers use fake Zoom malware to steal funds appeared first on Invezz