Russian Hackers Behind Trending Zoom Link Phishing Attack

Blockchain security firm SlowMist has analyzed the trending phishing attacks involving hackers that mimic the Zoom online meeting platform, using the process to steal crucial data of victims and, in some cases, their crypto assets. In a recent post, SlowMist highlighted a victim’s experience and explained how the criminals operate.

屋漏偏逢连夜雨

早上起来发现推特被盗了，找回推特后，发现钱包被盗了，损失 1 M Usd0++ ，钱应该是找不回了

事件逻辑是昨晚黑客伪装了一个推特，一眼看过去没问题，通过我的推特互动信息，伪装我是 XX…

— Lsp (@lsp8940) December 24, 2024

The cited case involved a user on X who hackers lured into clicking on a disguised link that looked like an invitation to an online meeting on Zoom. Narrating his ordeal, the victim stated that the hackers hijacked his accounts and stole his cryptocurrencies. Hence, he advised users to be vigilant and avoid clicking on unverified links.

Although he contracted the help of a blockchain expert, the victim acknowledged that the chance of recovering the stolen funds was low. However, he believes his story would go a long way to prevent other crypto users from falling victim to similar antics, considering the relentless efforts the hackers are making to hijack internet users’ online accounts.

In its analysis, SlowMist found that clicking the “Launch Meeting” button in the fake Zoom link downloaded a malicious installation package instead of opening the local Zoom client. The downloaded data contained a login script that sent messages via a Telegram API in Russian.

SlowMist shared several images, showing aspects of the malicious content while explaining how it works to steal users’ data. It is worth noting that the attack process becomes activated after users input their passwords following prompts by the malicious component. Hence, the security firm advised internet users to be vigilant and cautious while responding to information from unverified sources.

SlowMist’s report showed the hacker under scrutiny had profited over $1 million from various victims at the time of the analysis.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

Source