Beware! Fake Zoom Malware Scam Discovered to Steal Crypto

Crypto scammers have devised a new scheme involving a malicious Zoom look-alike that tricks users into installing malware, resulting in significant cryptocurrency thefts. On July 22, a non-fungible token (NFT) collector and cybersecurity engineer known as "NFT_Dreww" alerted the public to this sophisticated scam on the social media platform X.

How the Scam Operates

This scam targets NFT holders and crypto whales through social engineering tactics. Scammers typically approach these individuals with enticing offers such as licensing intellectual property, joining Twitter Spaces discussions, or participating in new projects. They insist on using Zoom for communication and direct the target to join a meeting via a malicious link.

When the victim clicks on the link, they are presented with a "stuck" page showing an infinite loading screen. The page then prompts them to download and install a file named ZoomInstallerFull.exe, which is actually malware. Once installed, the page redirects to the official Zoom platform, making the user believe the installation was successful. Meanwhile, the malware infiltrates the victim's computer, extracting valuable data and cryptocurrencies.

The Technical Details

The malware employed in this scam is highly sophisticated. According to "Cipher0091," a technologist credited by Drew, the malware adds itself to the Windows Defender exclusion list upon execution, thereby avoiding detection by antivirus systems. It then begins extracting the victim's information while distracting them with the "spinning loading page" and the process of accepting terms and conditions.
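
A defensive check for the behavior described above, added here as an example and not taken from the article or the researchers it cites: this PowerShell script lists the current Microsoft Defender exclusions and then pulls recent Defender configuration-change events (event ID 5007) that touch the exclusion list. The 14-day lookback window and the variable names are assumptions.

```powershell
# Added example: audit Microsoft Defender exclusions and recent changes to them.
# Run from an elevated prompt; non-admin sessions may see exclusions masked.
$LookbackDays = 14   # assumed review window, not a value from the article

# 1. Current exclusions. Every entry should be one you added on purpose.
$pref = Get-MpPreference
$current = foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if ($value) { [pscustomobject]@{ Kind = $kind; Value = $value } }
    }
}
if ($current | Where-Object Value -like 'N/A*') {
    Write-Warning 'Exclusions are hidden from this session; re-run as Administrator.'
}
$current | Format-Table -AutoSize

# 2. Defender writes event ID 5007 when its configuration changes. Keep only
#    the events whose old/new value refers to the Exclusions registry subtree.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = (Get-Date).AddDays(-$LookbackDays)
}
$changes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\\Exclusions\\' } |
    ForEach-Object {
        # [ \t]* keeps an empty "Old value:" from swallowing the next line.
        $old = if ($_.Message -match '(?m)Old value:[ \t]*(.*)$') { $Matches[1].Trim() } else { '' }
        $new = if ($_.Message -match '(?m)New value:[ \t]*(.*)$') { $Matches[1].Trim() } else { '' }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            Action      = if ($new -match '\\Exclusions\\') { 'Added' } else { 'Removed' }
            Entry       = if ($new -match '\\Exclusions\\') { $new } else { $old }
        }
    }

if ($changes) {
    $changes | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No exclusion changes logged in the last $LookbackDays days."
}
```

An "Added" entry whose timestamp lines up with running a downloaded installer is the pattern to investigate first.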

Evolving Tactics

Scammers continuously change their domain names to evade detection, with this particular scam already on its fifth domain. This strategy makes it challenging for security systems to flag and block these malicious sites. Additionally, several members of the crypto community have reported receiving malicious emails from scammers impersonating crypto influencers and executives. These emails often contain attachments that, if executed, install crypto-stealing malware on the victim's device.

Protecting Yourself

To protect yourself from such scams, always verify the legitimacy of links and invitations, especially when dealing with unsolicited offers. Be cautious of any requests to download software or enter sensitive information. Ensure that your antivirus software is up to date and configured to scan all downloads. Lastly, stay informed about the latest cybersecurity threats and tactics used by scammers to avoid falling victim to their schemes.
