SlowMist has highlighted a new phishing scam targeting cryptocurrency users, disguised as fake Zoom meetings to distribute malware that steals sensitive data.
Extent of the Phishing Attack
According to SlowMist, the attackers used a sophisticated phishing technique involving a domain that mimicked the legitimate Zoom domain. The phishing website 'app[.]us4zoom[.]us' closely resembled the genuine Zoom website interface.
Data Theft Methods
Victims are prompted to click a 'Launch Meeting' button, expecting to start a Zoom session. Instead, the click starts the download of a malicious file, 'ZoomApp_v.3.14.dmg', which, once executed, prompts for the user's system password and begins collecting sensitive information such as browser cookies and cryptocurrency wallet credentials.
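The two technical tells in this campaign are a hostname that carries the Zoom brand without being under a Zoom-controlled domain, and a brand-named installer served from that host. The following script is an added defender-side illustration, not SlowMist's tooling or anything from the report: it refangs indicators, checks each URL's registrable domain against an allow-list of legitimate Zoom domains (the allow-list, the log format and the sample log lines are all constructed assumptions for the example), and flags look-alike hosts and brand-named installer downloads.

```python
"""Flag Zoom look-alike hostnames and brand-named installer downloads in a proxy log.

Added illustration only. LEGIT_ZOOM_DOMAINS, the log format and the sample
lines are assumptions constructed for the example.
"""
from urllib.parse import urlsplit

# Domains Zoom legitimately serves from (assumption for this example;
# maintain the real list through your own allow-list process).
LEGIT_ZOOM_DOMAINS = {"zoom.us", "zoom.com"}
BRAND = "zoom"
INSTALLER_SUFFIXES = (".dmg", ".pkg", ".exe", ".msi")


def refang(indicator: str) -> str:
    """Turn defanged notation such as 'hxxps://app[.]us4zoom[.]us' back into a real URL."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Fine for .us/.com; use a public-suffix
    library for real traffic, where co.uk-style suffixes would break this."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_legit_zoom_host(host: str) -> bool:
    return registrable_domain(host) in LEGIT_ZOOM_DOMAINS


def classify_url(url: str) -> list[str]:
    """Return the reasons a URL is suspicious; an empty list means nothing flagged."""
    url = refang(url)
    if "://" not in url:
        url = "http://" + url  # bare hostnames from DNS logs still parse
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return ["unparseable host"]

    reasons = []
    legit = is_legit_zoom_host(host)

    # Tell 1: the brand appears in the hostname but the registrable domain is not Zoom's.
    if BRAND in host and not legit:
        reasons.append(
            f"brand-lookalike host {host} (registrable domain {registrable_domain(host)})"
        )

    # Tell 2: a brand-named installer is fetched from a host Zoom does not control.
    filename = parts.path.rsplit("/", 1)[-1].lower()
    if BRAND in filename and filename.endswith(INSTALLER_SUFFIXES) and not legit:
        reasons.append(f"brand-named installer {filename} served from non-Zoom host {host}")

    return reasons


# Constructed sample log: "<timestamp> <client> <method> <url>".
SAMPLE_PROXY_LOG = """\
2024-12-01T10:02:11Z 10.0.0.12 GET https://us04web.zoom.us/j/1234567890
2024-12-01T10:05:43Z 10.0.0.12 GET hxxps://app[.]us4zoom[.]us/
2024-12-01T10:05:51Z 10.0.0.12 GET hxxps://app[.]us4zoom[.]us/ZoomApp_v.3.14.dmg
2024-12-01T10:09:02Z 10.0.0.33 GET https://cdn.zoom.us/ZoomInstaller.pkg
"""


def scan_log(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (timestamp, client, reasons) for every flagged request."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        timestamp, client, _method, url = fields[:4]
        reasons = classify_url(url)
        if reasons:
            hits.append((timestamp, client, reasons))
    return hits


if __name__ == "__main__":
    for timestamp, client, reasons in scan_log(SAMPLE_PROXY_LOG):
        print(f"{timestamp} {client}")
        for reason in reasons:
            print(f"    - {reason}")
```

The allow-list check on the registrable domain is what separates `us04web.zoom.us` (legitimate subdomain) from `app.us4zoom.us` (brand string inside a domain someone else registered); a plain substring match on "zoom" would treat both the same. The installer rule is kept narrow on purpose (brand name plus installer suffix plus non-Zoom host) so it does not fire on every .dmg in the log.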
Movement of Stolen Funds
Using the MistTrack tool, SlowMist investigated the movement of stolen funds. The hacker's address, identified as 0x9fd15727f43ebffd0af6fecf6e01a810348ee6ac, has received over $1 million in cryptocurrency. These funds were transferred through several platforms, including Binance and Gate.io, and ultimately converted into other cryptocurrencies.
This new attack highlights the importance of being cautious when using online platforms and services. Users must remain vigilant to avoid falling victim to such scams.