Hackers attack cryptocurrency owners with fake Zoom links

A phishing scheme targeting cryptocurrency users is gaining traction online. Cybercriminals are using fake Zoom meeting links to trick victims into installing malicious software that steals their assets.

The blockchain security firm SlowMist reported that attackers employ social engineering techniques and trojans to steal private keys, wallet data, and other sensitive information. According to the investigation, posts have emerged on the social platform X describing phishing attacks using fake Zoom links. These attacks have led to victims installing malware and losing cryptocurrency assets worth millions of dollars.

One victim recounted being lured into clicking a fake Zoom link and installing malicious software. This resulted in $1 million being stolen from their cryptocurrency wallet. SlowMist explained that hackers create fake domains resembling the Zoom interface and trick users into clicking the "Launch Meeting" button. Instead of opening the Zoom app, the link downloads malware, which prompts users to "reinstall" the platform.

How the phishing program works

Once installed, the malicious script collects data from the victim’s device, including system information, browser data, cryptocurrency wallet data, Telegram information, notes, and cookies. This data is then compressed and sent to a server controlled by the hackers.

Additionally, the malware attempts to decrypt KeyChain data, which enables hackers to access mnemonic phrases and private keys, ultimately facilitating the theft of cryptocurrency assets.

SlowMist traced wallets associated with the attackers and found over $1 million in cryptocurrency. In December, the stolen tokens were converted into 296 ETH and transferred across multiple platforms, including Binance, Bybit, and Gate.io, to obscure the origin of the funds.

Security experts strongly advise users to verify links before clicking, avoid installing unknown software, and refrain from executing suspicious commands to protect their sensitive data and funds.

Last month, a memecoin investor lost $6 million in a phishing attack involving a fake Zoom link.

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.