A phishing campaign built around fake Zoom meeting links has resulted in the theft of close to $1 million worth of cryptocurrency.
According to reports, the phishing operators exploited users' daily habits and trust in the communication platform to distribute malware that infects devices and steals sensitive data, in particular cryptocurrency wallet keys.
The fake Zoom meeting links redirect traffic to a malicious domain.
Investigations showed that the threat actors crafted the phishing URLs to pass as legitimate, harmless meeting invitations. The links instead redirect visitors to a counterfeit domain, "app[.]us4zoom[.]us", hosting a page that closely mimics the genuine Zoom interface.
Once the victim clicks the "Launch Meeting" button, the page serves a malicious installation package rather than starting the Zoom client. The researchers also noted that the site's backend logs show Russian-language scripts tracking downloads through the Telegram API.
After the victim downloads and runs the bogus Zoom app, it prompts them for their system credentials. The malware then uses a script named "ZoomApp.file" to run additional code, ultimately launching a concealed executable named ".ZoomApp" (the leading dot keeps it out of default directory listings on macOS and other Unix-like systems).
This program systematically harvests sensitive data: system information, browser data, cryptocurrency wallet keys, Telegram and Notes data, browser cookies, and Keychain passwords.
The harvested data is compressed and transferred to an attacker-controlled server. The researchers further claimed that the campaign has already stolen almost $1 million in ETH, USD0++, and MORPHO.
The stolen assets were reportedly swapped for 296 ETH, part of which was then laundered through platforms including Binance, Gate.io, and Swapspace. Further analysis of the operation also identified a supporting address, suspected of acting as a transaction-fee provider, that moved large amounts of ETH to more than 8,800 addresses.
Users should stay vigilant and apply basic precautions against such campaigns: verify that a meeting link actually resolves to the genuine zoom.us domain before clicking it, never run unknown files or installers, use reputable endpoint protection, and layer multiple security controls rather than relying on any single one.
These attacks combine social engineering and phishing techniques to deceive users, so everyone should be familiar with the standard guidance on recognising and avoiding phishing attempts.
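The "check the meeting link" advice above, and the counterfeit domain "app[.]us4zoom[.]us" described earlier, deserve a concrete illustration, because the lookalike is chosen precisely to defeat a casual glance: the host "app.us4zoom.us" literally contains the string "zoom.us", yet its registrable domain is "us4zoom.us", an entirely separate registration from Zoom's "zoom.us". The Python below is an added example written for this page (it is not code from the article or from the researchers it cites) and contrasts the naive substring test that the lookalike passes with a correct suffix test that it fails. The allow-list of genuine Zoom domains and the sample links are assumptions constructed for the example; a real deployment would populate the list from the vendor's published domain list.

```python
from urllib.parse import urlsplit

# Assumption for this example: treat zoom.us and its subdomains as genuine.
# Zoom also uses other registrable domains; extend this list from vendor docs.
LEGIT_ZOOM_DOMAINS = ("zoom.us",)


def refang(indicator: str) -> str:
    """Undo the defanging used in threat reports ("app[.]us4zoom[.]us", "hxxps://")."""
    return (indicator.replace("[.]", ".")
                     .replace("(.)", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))


def host_of(url: str) -> str:
    """Return the lower-cased hostname of a link, tolerating bare hosts with no scheme.

    urlsplit().hostname discards userinfo and port, so a link such as
    https://zoom.us@app.us4zoom.us/ yields the real host, app.us4zoom.us.
    """
    url = refang(url.strip())
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def naive_check(url: str) -> bool:
    """The check that fails: 'does the host contain zoom.us anywhere?'"""
    host = host_of(url)
    return any(domain in host for domain in LEGIT_ZOOM_DOMAINS)


def is_zoom_host(url: str) -> bool:
    """Correct check: the host must equal a genuine domain or end in '.' + that domain."""
    host = host_of(url)
    return any(host == domain or host.endswith("." + domain)
               for domain in LEGIT_ZOOM_DOMAINS)


def triage(urls):
    """Classify a batch of links; returns {url: (naive_verdict, correct_verdict)}."""
    return {u: (naive_check(u), is_zoom_host(u)) for u in urls}


if __name__ == "__main__":
    # Constructed sample links for the demo: one genuine-looking Zoom join URL,
    # the defanged lookalike from the report, and two further lookalike tricks.
    samples = [
        "https://us02web.zoom.us/j/123456789?pwd=abc",   # genuine subdomain
        "app[.]us4zoom[.]us",                           # lookalike from the report
        "https://zoom.us@app.us4zoom.us/launch",        # zoom.us hidden in userinfo
        "https://zoom.us.evil.example/j/1",             # zoom.us as a leading label
    ]
    for url, (naive, correct) in triage(samples).items():
        print(f"{url:48} naive={naive!s:5} correct={correct}")
```

The naive test accepts all four links; the suffix test accepts only the first. The same pattern generalises to any brand: compare the whole host against an explicit list, anchored at a dot boundary, and never search for the brand name inside the string.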