Crypto scammers have launched a new, sophisticated scheme involving malicious links that mimic the video conferencing platform Zoom. On July 22, cybersecurity engineer and NFT collector “NFT_Dreww” alerted users to this scam, which has already resulted in the theft of $300,000 worth of cryptocurrency. The fraudulent links direct victims to a fake Zoom page that prompts them to download malware disguised as a legitimate Zoom installer.
The scam operates by targeting NFT holders or crypto enthusiasts with fake offers related to licensing intellectual property, joining new projects, or participating in Twitter Spaces. Scammers rush their targets to click on a Zoom link leading to a page that appears to load indefinitely. The page then instructs users to download “ZoomInstallerFull.exe,” which is actually malware designed to infiltrate their systems.
Once the malware is installed, it adds itself to the Windows Defender exclusion list to avoid detection. It then begins to extract sensitive information while the user is distracted by the fake loading screen. The scammers continuously change domain names to evade detection; the current domain is the fifth used for this particular scam.
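The exclusion-list behaviour described above can be checked for on a Windows host. The PowerShell below is an added example, not part of the original report: it lists the current Microsoft Defender exclusions and recent exclusion changes recorded as event ID 5007 in the Defender operational log. The 30-day window and the list of user-writable locations are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Microsoft Defender exclusions and recent changes to them.
# Exclusions are hidden from non-elevated sessions, hence the requirement above.

$lookbackDays = 30   # assumption: how far back to search the event log
# Assumption: an exclusion under one of these locations deserves a closer look.
$userWritable = '\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\|\\Downloads\\'

# 1. Exclusions currently in effect, one row per entry.
$pref = Get-MpPreference
$current = foreach ($type in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$type)) {
        if ($value) {
            [pscustomobject]@{
                Type         = $type
                Value        = $value
                UserWritable = [bool]($value -match $userWritable)
            }
        }
    }
}

# 2. Event ID 5007 records Defender configuration changes; keep those that
#    touch the Exclusions registry keys.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = (Get-Date).AddDays(-$lookbackDays)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\\Exclusions\\' }

$changes = foreach ($e in $events) {
    # The message carries "Old value:" and "New value:" lines; keep only those.
    $detail = ($e.Message -split "`r?`n" |
        Where-Object { $_ -match '^\s*(Old|New) value:' } |
        ForEach-Object { $_.Trim() }) -join ' | '
    [pscustomobject]@{ TimeCreated = $e.TimeCreated; Change = $detail }
}

"Current exclusions: $(@($current).Count)"
$current | Sort-Object Type, Value | Format-Table -AutoSize -Wrap

"Exclusion changes in the last $lookbackDays days: $(@($changes).Count)"
$changes | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```

An exclusion that nobody on the machine remembers adding, especially one pointing into a user profile or temp directory, should be removed with `Remove-MpPreference` and the host treated as potentially compromised.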
The evolving nature of social engineering scams continues to pose a significant threat in the crypto world. In addition to the fake Zoom links, other scammers have been sending malicious emails impersonating crypto influencers and executives, which also install malware upon execution. This underscores the importance of vigilance and verification to protect against such sophisticated attacks.