Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,177
- Points
- 113
Cryptocurrency scammers distribute malicious links that allegedly lead to the Zoom video conferencing platform. Scammers have already stolen $300,000 worth of crypto assets.
A cybersecurity engineer who uses the pseudonym NFT_Dreww in the social network X has warned subscribers about a new sophisticated crypto scam using social engineering. The expert explained that attackers mainly target holders and creators of non-fungible tokens (NFTs). Scammers contact them and ask if they are interested in getting a license for their intellectual property, inviting them to Twitter Spaces or inviting them to join the team for some new project.
Scammers insist that the potential victim connect to the Zoom platform for video conferencing, and send a malicious link. After clicking on the link, the user sees a "frozen" page with a loading screen. The user is then prompted to download and install ZoomInstallerFull.exe which is actually malware.
After installation, the user is redirected back to the official Zoom platform, but by then the malware has already penetrated the target computer, and fraudsters manage to steal user data and crypto assets. The security expert noted that when malware is launched, it is added to the Windows Defender exception list so that the antivirus system cannot block it.
"The infected program starts extracting all your information, while the user is distracted by the download page. Scammers change domain names, now they have used at least the fifth domain," explained NFT_Dreww.
A cybersecurity engineer who uses the pseudonym NFT_Dreww in the social network X has warned subscribers about a new sophisticated crypto scam using social engineering. The expert explained that attackers mainly target holders and creators of non-fungible tokens (NFTs). Scammers contact them and ask if they are interested in getting a license for their intellectual property, inviting them to Twitter Spaces or inviting them to join the team for some new project.
Scammers insist that the potential victim connect to the Zoom platform for video conferencing, and send a malicious link. After clicking on the link, the user sees a "frozen" page with a loading screen. The user is then prompted to download and install ZoomInstallerFull.exe which is actually malware.
After installation, the user is redirected back to the official Zoom platform, but by then the malware has already penetrated the target computer, and fraudsters manage to steal user data and crypto assets. The security expert noted that when malware is launched, it is added to the Windows Defender exception list so that the antivirus system cannot block it.
"The infected program starts extracting all your information, while the user is distracted by the download page. Scammers change domain names, now they have used at least the fifth domain," explained NFT_Dreww.
