{"id":84726,"date":"2024-07-23T00:42:54","date_gmt":"2024-07-23T04:42:54","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=84726"},"modified":"2024-07-23T00:42:57","modified_gmt":"2024-07-23T04:42:57","slug":"fake-zoom-malware-steals-crypto-while-appearing-to-load-user-warns","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/fake-zoom-malware-steals-crypto-while-appearing-to-load-user-warns\/","title":{"rendered":"Fake Zoom Malware Steals Crypto While Appearing to Load, User Warns"},"content":{"rendered":"\n

Crypto scammers use fake Zoom links to install malware and steal crypto, warns NFT collector<\/a> “NFT_Dreww.”<\/p>\n\n\n\n

\"Fake
Fake Zoom Malware Steals Crypto While Appearing to Load, User Warns<\/figcaption><\/figure>\n\n\n\n

The latest weapon of crypto fraudsters is malicious links that redirect users to a webpage resembling the video conferencing platform Zoom. Upon clicking on these links, they prompt users to install malware.<\/p>\n\n\n\n

NFT_Dreww, a cybersecurity engineer and collector of non-fungible tokens, informed X users of a new “extremely sophisticated” crypto scam on July 22. The scam featured bogus links for Zoom.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Drew clarified that, similar to numerous social engineering schemes, scammers frequently approach non-fungible token (NFT) holders or crypto whales<\/a>, inquiring as to whether they would be interested in licensing their intellectual property, inviting them to Twitter Spaces, or inviting them to join a team for a new project.<\/p>\n\n\n\n

Scammers will insist on utilizing Zoom and will compel the target to attend a meeting that is currently in progress by utilizing a malicious link that is difficult to detect.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The user will be presented with a “stuck” page that displays an infinite loading screen upon clicking the link. The user will be prompted to obtain and install ZoomInstallerFull.exe, which is actually malware.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Drew explained that the malware had already infiltrated the target computer and stolen the data and wealth when the page was redirected back to the official\u00a0Zoom platform\u00a0after installation, causing the user to believe that the installation was successful.<\/p>\n\n\n\n

To prevent antivirus systems from blocking the malware, it is added to the Windows Defender exclusion list upon its initial execution, per technologist “Cipher0091,” whom Drew also attributes to his X thread.<\/p>\n\n\n\n

Drew explained that the software will distract you with the “spinning loading page” and the process of accepting terms and conditions while it will then begin executing and extracting all of your information.<\/p>\n\n\n\n

He also stated that the scammers will continue to alter their domain names to avoid being flagged, and this was their fifth domain for this scheme thus far.<\/p>\n\n\n\n

Social engineering Cryptocurrency frauds are not novel; however, they are constantly changing. This week, numerous crypto community\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a> members have reported receiving malicious emails from fraudsters impersonating other crypto influencers<\/a> and executives.<\/p>\n\n\n\n

The email contains a pernicious attachment that, upon execution, is likely to install crypto-stealing malware.<\/p>\n","protected":false},"excerpt":{"rendered":"

Crypto scammers use fake Zoom links to install malware and steal crypto, warns NFT collector “NFT_Dreww.” The latest weapon of crypto fraudsters is malicious links that redirect users to a webpage resembling the video conferencing platform Zoom. Upon clicking on these links, they prompt users to install malware. NFT_Dreww, a cybersecurity engineer and collector of […]<\/p>\n","protected":false},"author":36,"featured_media":84732,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[132,20731,20730],"class_list":["post-84726","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-crypto","tag-fake-zoom-malware","tag-user-warns"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2024\/07\/Phishing_Andrea_Danti_Alamy.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/84726","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/36"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=84726"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/84726\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/84732"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=84726"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=84726"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=84726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}