Analysts have reported a new surge in phishing attacks targeting crypto wallet owners. Fraudsters disguise phishing links as invitations to a Zoom video meeting, and when the victim clicks on this link, special software for data theft and crypto address hacking is downloaded to the device.
What else is known
For phishing links, hackers use a fake domain, for example app[.]us4zoom[.]us, which is as similar as possible to a real Zoom conference link. The site to which the phishing link redirects also resembles the Zoom resource. And after clicking the “Start conference” button The malware installation package is downloaded to Zoom.
In addition, the malware collects system information, browser and Telegram data, cookies, as well as seed phrases and crypto wallet keys. The information is then sent to servers controlled by the hackers.