Fake Zoom malware steals crypto while it’s ‘stuck’ loading, user warns
Crypto scammers are up to no good again, and their latest weapon appears to be malicious links to a webpage that looks and feels almost exactly like the video conferencing platform Zoom, which prompts users to install malware when clicked.
On July 22, non-fungible token collector and cybersecurity engineer “NFT_Dreww” alerted X users to a new “extremely sophisticated” crypto scam involving fake links for Zoom.
Drew said the scammers have already stolen $300,000 worth of crypto using the method.
How the scam works
Drew explained that, as in many social engineering scams, the scammers typically target non-fungible token (NFT) holders or crypto whales, asking if they would be interested in licensing their intellectual property, inviting them to Twitter Spaces, or asking them to join a team for a new project.
The scammers will insist on using Zoom and hurry the target to join a meeting in progress using a hard-to-notice malicious link.
“It's extremely easy to fall for this... I doubt 80% of people verify each character in a link that's sent, especially a Zoom link.”
Once the link is clicked, the user will be met with a “stuck” page showing an infinite loading screen. The page will then prompt the user to download and install ZoomInstallerFull.exe, which is actually malware.
Once the file is installed, the page will redirect back to the official Zoom platform, making the user believe it worked, but by then, the malware has already infiltrated the target computer and stolen the data and loot, explained Drew.
According to technologist “Cipher0091,” whom Drew also credits for his X thread, when the malware is first executed, it adds itself to the Windows Defender exclusion list to prevent antivirus systems from blocking it.
“Then it begins executing and extracting all your information while the software is distracting you with the ‘spinning loading page’ and going through the process of accepting T&Cs, etc,” explained Drew.
He added that the scammers will keep changing domain names to prevent them from being flagged, and this was their fifth domain so far for this scam.
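Because the scam domains keep changing, a list of known-bad names lags behind, while checking a link's host against the genuine Zoom domain does not. The sketch below is an added example, not code from the article or the X thread; it assumes zoom.us is the only meeting domain you trust, and the function name and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: zoom.us is the only meeting domain you intend to trust.
TRUSTED_DOMAINS = ("zoom.us",)

def check_meeting_link(url):
    """Return (trusted, reason) for a meeting link received in a message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "URL does not parse"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if has_userinfo:
        return False, "text before '@' is not the host"
    if not host:
        return False, "no host"
    if not host.isascii():
        return False, "non-ASCII look-alike characters in host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label in host"
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; a bare suffix match would accept "notzoom.us".
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host %r is not under a trusted domain" % host

# Constructed sample links (not taken from the article or the X thread).
SAMPLES = [
    "https://us02web.zoom.us/j/1234567890",
    "https://zoom.us.join-meeting.example/j/1234567890",
    "https://us02web-zoom.example/j/1234567890",
    "https://zoom.us@join-meeting.example/j/1234567890",
    "https://zo\u03bfm.us/j/1234567890",   # Greek omicron in place of 'o'
    "http://zoom.us/j/1234567890",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_meeting_link(link)
        print("TRUST " if ok else "REJECT", ascii(link), "-", reason)
```

Only the first sample passes; the others are rejected because the trusted name appears somewhere other than the end of the host, or the host contains characters that merely resemble it.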
Social engineering crypto scams are not new, but they do keep evolving. Several crypto community members have reported receiving malicious emails this week from scammers impersonating other crypto influencers and executives.
The email contains a malicious attachment that will likely install crypto-stealing malware if executed.