Beware: Scammers Using Fake Zoom Links to Steal Your Crypto

 

Cybersecurity experts have recently uncovered a sophisticated scam targeting Zoom users, especially those involved in cryptocurrency and NFTs. Hackers are using fake Zoom links to trick users into downloading malware, resulting in significant financial losses. This scam has already led to the theft of over $300,000 in cryptocurrency.

 

How the Scam Works

Scammers approach potential victims by pretending to be interested in their intellectual property or proposing business collaborations. They insist on using Zoom for communication and send a link to join a meeting. The link appears legitimate but leads to a fake Zoom page. This fake page prompts users to download “ZoomInstallerFull.exe,” which is actually malware.

Once the malware is installed, it infiltrates the victim’s computer, redirects them to the real Zoom platform, and begins extracting information. This process is designed to be stealthy, making it difficult for victims to realise they have been compromised.

 

Technical Details

The malware disguises itself as a legitimate Zoom installer. When executed, it adds itself to the Windows Defender exclusion list, preventing the computer’s security software from detecting and blocking it. As the victim waits for the Zoom call to load, the malware is already at work, stealing sensitive information.

Scammers frequently change their domain names to avoid detection. For instance, legitimate Zoom links use the zoom.us domain, while the fake links use similar-looking domains like zoom.us50web.us or us50web-zoom.us. These subtle differences can easily trick users into believing the link is genuine.

 

Image source: Tech.co

 

Expert Warnings

Cybersecurity expert NFT_Dreww and other specialists have highlighted the sophistication of this scam. They emphasise that antivirus software alone is not sufficient to protect against such threats. Scammers use advanced tactics, including encryption and social engineering, to bypass traditional security measures.

Artem Irgebaev, a Smart Contract Triager at Immunefi, explained that antivirus software might not be effective if the malware is encrypted before being sent to the target. Sudipan Sinha, CEO of Chainrisk Labs, added that zero-day exploits and social engineering tactics pose significant challenges to cybersecurity defences.

 

How to Protect Yourself

  1. Verify Links Carefully: Always double-check the URL of any Zoom link you receive. Look for subtle differences that may indicate a fake link.
  2. Be Cautious with Unsolicited Opportunities: Be wary of unexpected business proposals or collaboration offers, especially from unknown contacts.
  3. Update Security Software: Ensure your antivirus software is up to date, but remember that it may not catch every threat.
  4. Avoid High-Pressure Tactics: Scammers often use urgency to trick victims. Take your time to verify the authenticity of any communication.
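
The link check described under "Technical Details" and in step 1 above can be automated. The following Python sketch is an added example, not code from the article or from Zoom: it accepts a link only when its host is zoom.us or a subdomain of it. The function names, the HTTPS-only rule and the sample meeting paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: zoom.us is the only domain trusted for
# meeting links (the article names it as the legitimate one).
TRUSTED_DOMAINS = ("zoom.us",)


def meeting_host(url: str) -> str:
    """Return the lowercased host of an HTTPS URL, or '' if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ""
    # Assumption: meeting links must be HTTPS; anything else is rejected.
    if parts.scheme != "https":
        return ""
    return (parts.hostname or "").rstrip(".").lower()


def is_trusted_zoom_link(url: str) -> bool:
    """True only if the host is zoom.us or a subdomain of zoom.us.

    Hostnames are read right to left, so 'zoom.us50web.us' belongs to
    'us50web.us', not to 'zoom.us'. Matching on a dot-anchored suffix
    enforces that; a substring or prefix test would not.
    """
    host = meeting_host(url)
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


# Constructed sample links. The two lookalike hosts are the ones named in
# the article; the meeting paths are placeholders.
SAMPLES = [
    "https://zoom.us/j/0000000000",
    "https://us02web.zoom.us/j/0000000000",
    "https://zoom.us50web.us/j/0000000000",
    "https://us50web-zoom.us/j/0000000000",
    "http://zoom.us/j/0000000000",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "trusted" if is_trusted_zoom_link(link) else "REJECT"
        print(f"{verdict:8} {link}")
```

A passing check says only that the link points at zoom.us; it says nothing about any file a page then offers for download.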