Crypto users have been alerted to new phishing attacks disguised as fake Zoom links. According to blockchain security firm SlowMist, the criminals are specifically targeting users who hold cryptocurrency in their portfolios. In its report, the firm said the links look like Zoom links and trick victims into giving away sensitive data. The users are also tricked into downloading malicious software that steals their crypto.
According to SlowMist, the hackers registered a domain that mimics the usual Zoom domain name, altering some details so that it could be registered. Victims are expected to click the ‘Launch Meeting’ button, which should take them to the meeting. Instead, the link directs users to download a malicious application from a website.
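The report describes a domain that merely resembles Zoom's. A simple defensive check is to refuse to treat a link as a Zoom link unless its hostname actually sits under the legitimate registrable domain, rather than matching on the word "zoom" appearing somewhere in the URL. The following is an added example, not code from SlowMist or the report; it assumes zoom.us is the only legitimate registrable domain and uses constructed sample URLs (the look-alike domains below are made up, not the ones from the campaign).

```python
"""
Added example (not from SlowMist's report): classify links that claim to
be Zoom meeting links. Only hostnames whose registrable domain is exactly
zoom.us (including vendor subdomains such as us02web.zoom.us) count as
legitimate; anything else that carries the Zoom brand is a look-alike.
"""
import re
from urllib.parse import urlsplit

# Assumption for this example: zoom.us is the only legitimate registrable domain.
LEGIT_REGISTRABLE_DOMAINS = {"zoom.us"}

# Rough matcher for http(s) links inside an invitation message.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(hostname: str) -> str:
    """Return the last two labels of a hostname (e.g. 'zoom.us').

    A production check would consult the public-suffix list; two labels
    are enough for the .us domain this example cares about.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str) -> str:
    """Return 'legit', 'lookalike' or 'unrelated' for a single URL.

    The hostname is taken from the parsed URL, so tricks such as
    'https://zoom.us@other.example/' are judged by other.example, not by
    the userinfo part that merely contains the brand name.
    """
    host = urlsplit(url).hostname or ""
    if host and registrable_domain(host) in LEGIT_REGISTRABLE_DOMAINS:
        return "legit"
    # The brand appears somewhere, but the host is not under zoom.us.
    if "zoom" in url.lower():
        return "lookalike"
    return "unrelated"


def scan_message(text: str) -> list[tuple[str, str]]:
    """Extract every http(s) link in a message and classify it."""
    return [(url, classify_link(url)) for url in URL_RE.findall(text)]


# Constructed sample invitation (not taken from the report).
SAMPLE_INVITE = """
Join our meeting: https://us02web.zoom.us/j/1234567890
Launch Meeting: https://zoom.us.meeting-invite.example/j/1234567890
Backup link: https://zoom.us@download.example/launch
Agenda: https://example.org/agenda
"""

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_INVITE):
        print(f"{verdict:9s} {url}")
```

Only the first link is accepted; the second and third carry the brand but resolve to other registrable domains, which is exactly the pattern the report warns about, and the last is simply unrelated.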
Crypto phishing attacks and data theft explained
After the victim downloads the malicious file, it triggers a script that requests the system password. The script executes instructions from a hidden file designed to collect all sensitive information, including cookies, Keychain data, and crypto wallet data.
According to experts, the malware was designed to target crypto holders, stealing their private keys and other important wallet data. Once the downloaded file is installed, it runs a script. When it is executed, users are required to enter their system passwords, unknowingly giving the hackers access to their sensitive data. The experts revealed that once the process is complete, the script executes a command that transfers the collected information to the hackers.
SlowMist’s research revealed that the scammer’s website was created 27 days ago by Russian hackers. The hackers have been monitoring the website using Telegram’s API, checking whether anybody clicked the link. The company’s analysis revealed that the hackers started their operations on November 14.
Scammers move stolen funds through exchanges
According to SlowMist, it used its MistTrack tool to track the movement of the stolen funds. The firm revealed that the hackers have gained about $1 million in several digital assets from the crime. Investigations also show that the hackers received small amounts of ETH from other wallets; that address was said to have provided transaction fees for the criminals’ operations.
The address also transferred small amounts of ETH to other wallets, suggesting it may be part of a bigger plot to supply fees for addresses used in attacks. After the hackers gathered the funds, they moved them through centralized exchanges like Binance, MEXC, and others. The funds were then moved to different addresses, with the transactions going into other exchanges.
Once the funds reach those exchanges, they are converted into USDT and other digital assets. The criminals have also used several complex methods to evade capture, laundering the funds by converting them into other tokens. SlowMist has warned users about the dangers posed by these phishing links and the websites they lead to.