Crypto scammers have unveiled a new trick, using a malicious Zoom look-alike to deceive users into installing malware. This scam mimics the video conferencing platform, making it appear as if a video call is stuck loading, thus prompting users to download and run harmful software.
Alert from Cybersecurity Experts
On July 22, NFT collector and cybersecurity engineer “NFT_Dreww” warned X users about this “extremely sophisticated” crypto scam involving fake Zoom links. According to Drew, the scammers have already stolen $300,000 worth of cryptocurrency through this method.
How the Scam Works
Similar to many social engineering scams, the attackers target NFT holders or crypto whales, often approaching them with offers to license their intellectual property, invitations to Twitter Spaces, or requests to join a new project team. The scammers insist on using Zoom and rush the target to join a meeting using a malicious link that is easy to overlook.
Once the link is clicked, the user sees an infinite loading screen. The page then prompts the user to download and install “ZoomInstallerFull.exe,” which is actually malware. After installation, the page redirects to the official Zoom platform, making the user believe that the process was legitimate. However, by this time, the malware has already compromised the target’s computer, stealing valuable data and cryptocurrency.
Sophisticated Techniques to Evade Detection
Technologist “Cipher0091,” credited by Drew in his X thread, explained that when the malware is first executed, it adds itself to the Windows Defender exclusion list to evade antivirus detection. The malware then extracts all the user’s information while the fake Zoom page distracts the user with an infinite loading screen and fake Terms & Conditions acceptance processes.
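The exclusion step described above leaves a trace defenders can hunt for: Microsoft Defender logs event ID 5007 when its configuration changes, including new exclusions. The following triage sketch is an added example, not code from the researchers cited here. The sample events, the user name and the review rules are constructed assumptions, and the exclusion values are illustrative rather than observed from this malware.

```python
import re

# Event ID 5007 records an added exclusion as "<kind>\<value> = 0x0" under this key.
KEY = r"HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions" + "\\"
ADDED = re.compile(r"New value:\s*" + re.escape(KEY) +
                   r"(Paths|Processes|Extensions)\\(.+?)\s*=\s*0x0", re.I)

# Assumed triage rules, to be tuned per environment.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Desktop|Public)(\\|$)", re.I)
WHOLE_DRIVE = re.compile(r"^[A-Za-z]:\\?$")
EXEC_EXT = {"exe", "dll", "scr", "bat", "cmd", "ps1", "js", "vbs"}

def added_exclusion(message):
    """Return (kind, value) if a 5007 message adds an exclusion, else None."""
    m = ADDED.search(message)
    return (m.group(1).capitalize(), m.group(2)) if m else None

def reason(kind, value):
    """Say why an exclusion deserves review, or return None."""
    if kind == "Extensions":
        return "executable extension" if value.lstrip(".").lower() in EXEC_EXT else None
    if WHOLE_DRIVE.match(value):
        return "whole drive"
    if USER_WRITABLE.search(value):
        return "user-writable location"
    return "process exclusion" if kind == "Processes" else None

def triage(events):
    """Return (time, kind, value, reason) for each exclusion worth review."""
    findings = []
    for ev in events:
        hit = added_exclusion(ev["message"]) if ev["id"] == 5007 else None
        if hit and reason(*hit):
            findings.append((ev["time"], *hit, reason(*hit)))
    return findings

def sample_event(time, new_value, event_id=5007):  # builds a constructed record
    text = "Microsoft Defender Antivirus Configuration has changed. Old value: "
    return {"id": event_id, "time": time,
            "message": text + "New value: " + KEY + new_value + " = 0x0"}

SAMPLE = [  # constructed, not taken from the reported campaign
    sample_event("10:01:07", r"Paths\C:\Users\alice\AppData\Local\Temp"),
    sample_event("10:01:08", r"Processes\ZoomInstallerFull.exe"),
    sample_event("11:30:00", r"Paths\D:\BuildCache"),
    sample_event("11:31:00", r"Paths\C:\Users\alice\Downloads", event_id=1116),
]
for finding in triage(SAMPLE):
    print(*finding, sep=" | ")
```

In practice the records would come from an export of the Microsoft-Windows-Windows Defender/Operational log rather than the inline list.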
The scammers continuously change domain names to avoid being flagged, and this is reportedly the fifth domain they have used for this particular scam.
Social engineering crypto scams are not new, but they are continually evolving. Several crypto community members have reported receiving malicious emails from scammers impersonating other crypto influencers and executives. These emails often contain attachments designed to install crypto-stealing malware if executed.