Crypto-Stealing Malware Targets Zoom Users
New crypto-stealing malware is targeting users of the cloud-based video conferencing platform Zoom. The malware redirects users to malicious websites to steal their crypto assets. On July 22, network security engineer “NFT_Dreww” discovered that the malicious website closely imitated the original Zoom video call link.
Sophisticated Social Engineering Tactics
The attack begins with social engineering tactics such as offering angel investment opportunities or inviting victims to join a fake group. Scammers create fake Zoom URLs that closely resemble legitimate ones to deceive users. They use NFT profile pictures and fake association claims to appear legitimate. Users are misled by subtle differences in the malicious URLs.
The scammers pressure users into agreeing to join a Zoom call, claiming their team is ready. Once the victim clicks the malicious link, they are redirected to a fake Zoom page and prompted to download malicious software disguised as a Zoom installer.
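A link check that a recipient or a mail gateway could run on a meeting invite before opening it, given here as an added example that is not part of the original report. It trusts only hosts under an allowlist of Zoom domains (zoom.us and zoom.com are assumptions to confirm for your own environment) and flags lookalike hosts; the function name and all sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: domains Zoom serves meetings from; confirm against your own allowlist.
TRUSTED_DOMAINS = ("zoom.us", "zoom.com")
BRAND = "zoom"

def classify_meeting_link(url):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unrelated'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious", "malformed URL"
    if parts.scheme != "https" or not host:
        return "suspicious", "not an https URL with a host"
    if parts.username is not None:
        return "suspicious", "text before '@' is userinfo, not the host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "non-ASCII or punycode host (possible homograph)"
    # Match the whole domain or a dot-separated subdomain, never a bare suffix:
    # a host that merely ends in the letters 'zoom.us' must not pass.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted", "host is under an allowlisted domain"
    # Fold common character swaps (0 -> o, 1 -> l, rn -> m) before the brand check.
    folded = host.translate(str.maketrans("01", "ol")).replace("rn", "m")
    if BRAND in folded:
        return "suspicious", "brand name in a host outside the allowlist"
    return "unrelated", "no Zoom branding in host"

# Constructed sample links (reserved .example names, not real indicators).
SAMPLES = [
    "https://us02web.zoom.us/j/1234567890",        # genuine host shape
    "https://zoom.us.join-call.example/j/123",     # trusted name used as a prefix
    "https://zoom.us@join-call.example/j/123",     # real host comes after the '@'
    "https://zo0m-meeting.example/j/123",          # digit swapped for a letter
    "https://z\u043e\u043em.us/j/123",             # Cyrillic 'o' homograph
    "https://example.org/agenda",                  # nothing to do with Zoom
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reason = classify_meeting_link(link)
        print(f"{verdict:10} {link!r}  ({reason})")
```

A "trusted" verdict only says the host belongs to the allowlist; it says nothing about who sent the invite or why.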
Malicious Installation Process
After installing the malware, users are redirected to a legitimate Zoom page while the malware operates in the background. It adds itself to the Windows Defender exclusion list to avoid detection and extracts user information. The scam has already stolen over $300,000 worth of funds, emphasizing the need for caution when clicking on links and downloading software.
As crypto scams grow more sophisticated, users must be vigilant to protect their assets. Recent incidents, like compromised email addresses and phishing attacks, highlight the importance of staying informed and cautious in the digital realm.
In summary, the evolving tactics of crypto scammers pose a threat to unsuspecting users, emphasizing the need for heightened security awareness and vigilance in navigating the online landscape.