Zoom meeting scam leads to $1M cryptocurrency theft

A phishing scam targeting cryptocurrency users has resulted in the theft of millions in digital assets, according to blockchain security firm SlowMist.

The attack involved fraudulent Zoom meeting links designed to trick victims into downloading malware that compromised sensitive information, including cryptocurrency wallet details.

The phishing campaign used a fake domain resembling the authentic Zoom website to deceive users.

Once victims downloaded and executed a malicious file, the malware collected crucial data such as system passwords, KeyChain information, and browser credentials.

SlowMist discovered that the malware used a modified osascript script to encrypt and transmit the stolen data to a server controlled by hackers.

The server’s IP address traced back to the Netherlands, and evidence of Russian script usage suggests the involvement of Russian-speaking cybercriminals.

The hackers’ primary wallet received over $1 million, which was then converted into 296 ETH (CRYPTO:ETH) and transferred to a secondary address.

These funds were moved across multiple crypto exchanges, including Binance, Gate.io, and MEXC, via smaller wallets and flagged addresses linked to the "Angel Drainer" and "Pink Drainer" tags.

“This scheme combines social engineering and Trojan techniques, leaving users vulnerable,” SlowMist’s Security Team noted.

They urged users to verify meeting links before clicking, avoid running unknown software, and regularly update antivirus programs to protect against such threats.

Phishing scams have surged recently, with experts reporting over $9.4 million lost in November 2024 alone due to similar attacks.

The increasing frequency of these scams shows the ongoing threat of malware in the cryptocurrency space, including high-profile thefts exceeding $36 million.