Blockchain security firm SlowMist has uncovered a phishing scam targeting cryptocurrency users through fake Zoom meeting links.
The scam, active since November 14, 2024, has reportedly resulted in millions of dollars in losses for victims.
SlowMist’s investigation revealed that the attackers created a counterfeit Zoom domain, “app[.]us4zoom[.]us,” designed to resemble Zoom’s official site. Victims are tricked into clicking the “Launch Meeting” button, which prompts them to download a malicious file, “ZoomApp_v.3.14.dmg.”
Once installed, the file executes a script titled “ZoomApp.file,” which asks users to enter their system passwords. The script installs a hidden file, “.ZoomApp,” that extracts sensitive data, including browser cookies, cryptocurrency wallet credentials, and Telegram login details.
The blockchain security firm claimed that the malware, identified as a Trojan horse, can decrypt data, enumerate plugin paths, and steal credentials stored on the victim’s device. The stolen data is then compressed and sent to a server linked to the hackers, who use it to gain full access to victims’ crypto wallets.
An on-chain analysis by SlowMist’s MistTrack showed one wallet linked to the hackers allegedly contained over $1 million in stolen assets, which was converted into 296 ETH and funneled through exchanges such as Binance and Bybit. Another address was found making small ETH transactions to nearly 8,800 wallets.
Notably, in November, a victim of a similar Zoom link scam reported losing over $6 million worth of Gigachad (GIGA) tokens. The investor claimed the hackers used the malware to gain access to their wallets and execute a massive sell-off of the GIGA tokens.
SlowMist urged users to verify links and avoid downloading suspicious files, stating that it would continue to monitor the situation.
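One way to automate that link check is shown below as an added example (not SlowMist's or Zoom's code): it resolves the hostname a link really points to and accepts it only if it is the trusted domain or a subdomain of it, so the counterfeit host named above is flagged. The allowlist containing only zoom.us, the function names, and every sample link except the reported hostname are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only zoom.us and its subdomains are accepted for Zoom meeting links.
TRUSTED_DOMAINS = ("zoom.us",)
BRAND = "zoom"  # brand string a counterfeit host is likely to embed


def refang(text):
    """Undo common defanging ("[.]", "hxxp") so reported indicators parse as URLs."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def host_of(link):
    """Return the lowercase hostname a client would actually connect to."""
    link = refang(link.strip())
    if "://" not in link:
        link = "https://" + link  # bare hostname such as app.us4zoom.us
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return ""
    return host.rstrip(".").lower()


def classify(link):
    """Return 'trusted', 'lookalike' or 'unrelated'; only 'trusted' should be opened."""
    host = host_of(link)
    for domain in TRUSTED_DOMAINS:
        # Match on a label boundary: "us4zoom.us" ends with "zoom.us" as a string
        # but is a different registered domain.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    return "lookalike" if BRAND in host else "unrelated"


# Constructed sample links; only the first hostname comes from the article.
SAMPLES = [
    "app[.]us4zoom[.]us",
    "https://zoom.us@app.us4zoom.us/launch",  # trusted name placed in userinfo
    "https://zoom.us.example.com/j/1",        # trusted name used as a prefix
    "https://us04web.zoom.us/j/1234567890",   # subdomain of zoom.us
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {host_of(sample)}")
```

A plain substring or `endswith("zoom.us")` test would accept the counterfeit host, which is why the comparison is anchored on the dot before the trusted domain.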
SlowMist’s disclosure and warning add to a wave of phishing and investment scams targeting cryptocurrency users. New Zealand’s Financial Markets Authority (FMA) recently issued an alert about scams targeting citizens via fake YouTube investment advice. Victims are lured into private WhatsApp or Telegram groups, where they are promised high returns but end up losing their funds.
The FMA urged New Zealanders to verify links, avoid suspicious downloads, and exercise caution when investing in online opportunities.