A recent report warned of a new and sophisticated phishing scam targeting unsuspecting cryptocurrency users. The scheme includes fake links to Zoom meetings to trick investors into downloading malware to steal their assets.
Fake Zoom link steals private data
On Friday, blockchain security firm SlowMist cautioned investors, reporting that hackers were targeting cryptocurrency users with a sophisticated phishing scam to access their sensitive data. The investigation revealed that the malicious actors used “social engineering techniques and Trojan horses” to steal the victim’s private keys, wallet data, and other sensitive information.
According to the report, several X users posted online about a phishing attack disguised as Zoom meeting links, with some victims installing malware and losing assets worth millions of dollars.
One victim recounted being manipulated into clicking on a fake Zoom meeting link and tricked into downloading and installing the malware on their computer. This resulted in the theft of $1 million in USD0++ from the victim’s cryptocurrency wallet.
Victim explains Zoom phishing scam. Source: SlowMist
SlowMist explains that the hackers are using a fake domain that looks like the original Zoom meeting link. Additionally, the website closely mimics Zoom’s meeting interface, which tricks users into clicking the “Start Meeting” button.
However, this action does not open the Zoom app. Instead, it downloads malware, prompting users to “reinstall” the platform. After installation, users are tricked into executing a malicious script and entering their system password.
The blockchain security company found that this script collects information from the user’s device and sends it to the hacker:
After the malicious code collects system information, browser data, cryptocurrency wallet data, Telegram data, Notes data, and cookie data, it compresses the collected information and sends it to a server controlled by the hacker.
In addition, the software executes other scripts that collect KeyChain data from the computer and attempt to decrypt it. This allowed the hacker to access wallet phrases and private keys, making it easier to steal cryptocurrency assets.
SlowMist also tracked relevant wallets, and found that more than $1 million worth of cryptocurrencies, including USD0++, MORPHO, and ETH, resided in addresses linked to the hacker. According to the report, MORPHO and the recently stolen USD0++ tokens were exchanged for 296 Ethereum (ETH) on December 23.
The funds were transferred to various cryptocurrency platforms, including Binance, Bybit and Gate.io, in an attempt to hide the illicit profits. The security company advised users to carefully check links before clicking on them and to avoid executing unknown programs and commands, in order to protect their sensitive data and money.
Cryptocurrency hacks rise in 2024
According to a recent report by Chainalysis, cryptocurrency hacks have continued in 2024, rising by 21.07% from last year. The industry saw more than $2.2 billion lost to hackers, recording the third-largest year in terms of total value stolen.
Additionally, this became the year with the highest number of individual hacks, with 303 incidents recorded by the time of reporting. Private key compromises were the largest type of breach, accounting for 43.8% of incidents, while centralized exchanges (CEXs) were the platforms most targeted in the second and third quarters.
This year also saw some of the largest heists in the industry’s history, with the DMM Bitcoin and WazirX breaches accounting for around $540 million between May and July. Meanwhile, North Korean hackers were responsible for 60% of the total value stolen, with $1.34 billion linked to their attacks.
Ultimately, the report noted the need for the industry to address an “increasingly sophisticated and complex threat landscape,” and suggested a “collaborative public-private approach” to effectively combat these challenges in the future.
Total crypto market capitalization is at $3.28 trillion in the one-week chart. Source: TOTAL on TradingView