
How to Identify Fake Zoom Links Scammers Use to Steal Your Cryptocurrency


According to the cybersecurity engineer, once the malware is downloaded, it has the ability to steal everything from your device.

A cybersecurity professional recently highlighted a concerning trend where hackers are targeting Zoom users in an attempt to steal their cryptocurrency holdings. Through a sophisticated phishing-based malware distribution scheme, scammers are luring unsuspecting individuals into downloading malicious software that can compromise their devices. This alarming development has already resulted in over $300,000 being stolen from victims, underscoring the severity of the situation.


The cybersecurity engineer, known as NFT_Dreww.eth on Twitter, shared details about the evolving tactics employed by these scammers in a recent Twitter thread. According to NFT_Dreww.eth, the scammers have become increasingly sophisticated in their approach, often impersonating legitimate entities like Zoom to deceive users. By exploiting the trust of their targets, these criminals are able to trick individuals into downloading harmful software that can lead to significant financial losses.


In his Twitter thread, NFT_Dreww.eth explained that scammers typically entice potential victims with false promises of lucrative opportunities. These may include offers to license intellectual property, invitations to participate in Twitter Spaces as guests, requests to become angel investors, or invitations to join project teams. By preying on individuals’ desire for financial gain or professional advancement, scammers manipulate them into going along with the scheme. Users should remain vigilant and exercise caution when engaging with unknown entities online.


The scammers are persistent in their request to discuss the opportunity through Zoom, providing them with the chance to distribute the harmful link. Additionally, they employ aggressive tactics such as sending a screenshot of a crowded Zoom call to pressure the victim into complying with their demands.

Even if the target already has Zoom installed, a convincing page displays a loading screen while downloading ZoomInstallerFull.exe. This file is in fact malware posing as a legitimate Zoom installer. The victim is then prompted to accept the kind of terms and conditions typically shown when installing new software on Windows.


After the fake “installation” is finished, the loading page will continue spinning until eventually redirecting the victim to the real Zoom website. Drew’s analysis suggests that this tactic is designed to make it appear as if there was a minor technical issue or that the process was simply taking longer than expected. By this time, the malware has already been activated and has carried out its intended tasks.

Upon execution, the malware promptly adds itself to the Windows Defender exclusion list so that Windows does not detect or block it. It then begins its malicious activity, such as extracting sensitive user data, while the victim is preoccupied with the loading screen of the video call. The victim unknowingly accepts the fake terms and conditions, unaware that malware is already running on their system.

Drew emphasized that antivirus software may struggle to detect this particular type of malware. He pointed out that tools like VirusTotal can fall short in identifying such threats. These tools are designed as a precautionary measure and should not be relied upon as the ultimate truth. While VirusTotal is a valuable resource, it may not give accurate results if the search parameters are not specific enough.

Artem Irgebaev, a Smart Contract Triager at Immunefi, shared insights on the effectiveness of antivirus software against encrypted malware. He said that the effectiveness of antivirus programs depends on whether the malware was encrypted before it was delivered to the target. Artem expressed his belief that antivirus software tends to be ineffective in most scenarios, especially when threat actors meticulously plan their attacks on high-profile targets and encrypt their malware to evade detection.

In summary, both Drew and Artem shed light on the limitations of antivirus software when it comes to combating sophisticated malware. While tools like VirusTotal serve as valuable checks in the cybersecurity arsenal, they are not foolproof. Evolving tactics such as encrypting malware pose challenges for traditional antivirus programs. Individuals and organizations should adopt a multi-layered approach to security that does not rely solely on antivirus software for protection against advanced threats.

Sudipan Sinha, a key contributor at RiskLayer and the CEO of Chainrisk Labs, emphasized that depending only on antivirus software has its limitations. He pointed out that zero-day exploits, which are completely new and not yet identified by antivirus databases, present a major challenge.

Furthermore, antivirus software is unable to protect against social engineering techniques that trick users into unknowingly downloading malware. As a result, while antivirus software is an important part of cybersecurity defense, effective protection against advanced attacks often necessitates extra layers of security measures and user awareness.

Realistic Zoom links

The phishing campaign’s links closely mimic legitimate Zoom links in their format, as pointed out by Drew. Legitimate Zoom links typically use the zoom.us domain with location-based subdomains, redirecting U.S.-based users to us02web.zoom.us. In contrast, the malicious links utilize the zoom subdomain of the us50web.us domain. This can make the resulting zoom.us50web.us link appear legitimate at first glance, due in part to the confusing naming conventions of Zoom domains and subdomains.

Drew also highlights the us50web-zoom.us domain as another example of the deceptive links used in the phishing campaign. It is important for users to be vigilant and verify the legitimacy of links before clicking on them, especially when they appear to be from familiar platforms like Zoom. By being aware of the tactics used in phishing campaigns, individuals can better protect themselves and their information from potential cyber threats.

Drew emphasized the importance of understanding that a hyphen does not indicate a subdomain; in a name like us50web-zoom.us it is simply part of the registered domain name itself. This distinction is crucial, as it can deceive many people who are not aware of it.
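The following is an added illustration, not code from the article or from NFT_Dreww.eth, of how a defender can check a pasted link against the lookalike patterns just described: it extracts the hostname, splits it into dot-separated labels (a hyphen never splits a label), and compares the registrable domain to zoom.us. The two-label registrable-domain rule and the sample links are assumptions for illustration; a real checker should use a public-suffix list.

```python
from urllib.parse import urlsplit

# Zoom's real domain; genuine meeting links sit under it (e.g. us02web.zoom.us).
LEGITIMATE_ZOOM_DOMAINS = frozenset({"zoom.us"})


def host_labels(host: str) -> list[str]:
    """Split a hostname into its dot-separated labels, lower-cased.
    A hyphen does not separate labels: 'us50web-zoom' is ONE label."""
    return host.lower().rstrip(".").split(".")


def registrable_domain(host: str) -> str:
    """Simplified registrable domain: the last two labels.
    Enough for zoom.us and the lookalikes discussed here (assumption);
    multi-label suffixes such as co.uk need a public-suffix list."""
    return ".".join(host_labels(host)[-2:])


def classify_zoom_link(url: str) -> tuple[str, str]:
    """Return (verdict, registrable_domain) for a link claiming to be a Zoom link."""
    if "://" not in url:
        url = "https://" + url  # bare 'zoom.us50web.us/...' as pasted into a chat
    host = urlsplit(url).hostname or ""  # drops userinfo, port and path
    if not host:
        return ("invalid", "")
    base = registrable_domain(host)
    if base in LEGITIMATE_ZOOM_DOMAINS:
        return ("legitimate", base)
    # 'zoom' appears somewhere in the host, but the registered part is not zoom.us
    if "zoom" in host:
        return ("lookalike", base)
    return ("unrelated", base)


if __name__ == "__main__":
    # Constructed sample links: the real format plus the two lookalikes named above.
    for link in ("https://us02web.zoom.us/j/123",
                 "zoom.us50web.us/j/123",
                 "https://us50web-zoom.us/j/123",
                 "https://zoom.us@evil.example/"):
        print(link, "->", classify_zoom_link(link))
```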

He also pointed out the importance of being vigilant to avoid falling victim to social engineering attacks similar to the one discussed. Social engineering attacks can be sophisticated and convincing, making it essential for individuals to stay informed and cautious when interacting online.

In addition, Drew highlighted how easily people can be misled by such tactics, estimating that a large percentage of users do not inspect every character of a link they receive, particularly a Zoom link. Irgebaev added that using a fake Zoom domain to lure targets into downloading malware is a creative approach, underscoring the need for heightened awareness and security measures.

Kristin Steinbeck
Editor, CryptoCaster
© 2024 Crypto Caster provides information. CryptoCaster.world does not provide investment advice. Do your research before taking a market position on the purchase of cryptocurrency and other asset classes. Past performance of any asset is not indicative of future results. All rights reserved.