Beware of Fake Zoom Domains: Scammers Steal Millions Using Malicious Software
The world of the Web3 industry is truly vast, and its potential seems limitless. This field opens doors to new technologies, opportunities, and benefits. However, like any rapidly developing space, it also has its downsides. At Coinmooner, we believe it’s important to highlight these risks and warn our readers so they can stay more vigilant and protected. Today, we want to share the details of one such threat in this news article.
A recent fraud case is another reminder of how scammers exploit users' trust. They registered a phishing domain, app[.]us4zoom[.]us, whose page mimicked the official website of the popular video conferencing service Zoom. Note that this host is not a subdomain of zoom.us: the string "zoom.us" merely appears at the end of the unrelated domain us4zoom.us. On the fake site, victims were tricked into clicking a "Launch Meeting" button, which downloaded a malicious file named ZoomApp_v.3.14.dmg onto their devices. Once opened, this file launched a script called ZoomApp.file, which prompted users to enter their system password.
What happened next followed a pre-planned scheme. The script created a hidden file, ZoomApp, which quietly collected sensitive data from the device. Among the stolen information were browser cookies, cryptocurrency wallet credentials, and login details for Telegram accounts. This gave attackers access both to personal information and to digital assets, which is what made the attack so damaging.
According to analysts at SlowMist, the malware can decrypt stored data, locate system plugins, and hijack accounts on the victim's device. The stolen information is compressed into an archive and sent to the attackers' server, where it is used to take complete control of the victims' crypto wallets. The scheme has been active since November 2024 and has already caused multimillion-dollar losses.
Millions Lost to Hackers: The Story Behind the app[.]us4zoom[.]us Domain
Researchers managed to trace one of the cryptocurrency wallets linked to this scheme. It held stolen assets worth over $1 million. These funds were later converted into 296 ETH and transferred to cryptocurrency exchanges Binance and Bybit. Additionally, another wallet was identified, which sent small amounts of Ethereum to nearly 8,800 different addresses. In one incident in November, a victim lost Gigachad (GIGA) cryptocurrency tokens worth over $6 million after following a similar phishing link that imitated Zoom’s interface.
Cybersecurity experts from SlowMist strongly urge users to exercise maximum caution when interacting with links online. They recommend thoroughly verifying a link's actual domain before clicking it, avoiding downloads of unexpected files and software, and ignoring any suspicious instructions, especially those that ask you to enter personal data or a system password. Simple precautionary measures can save you from significant losses.
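The domain check behind this advice is easy to get wrong, because a victim who glances at app[.]us4zoom[.]us does see "zoom.us" in it. The following Python snippet is an added example written for this article, not code from SlowMist or Zoom: it contrasts the naive "does the text contain zoom.us" check with a label-aligned suffix check on the parsed hostname. The allowlist of trusted suffixes and the sample URLs (other than the phishing domain named in the report) are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumption for this example: a practitioner would keep this list in sync
# with the domains Zoom actually uses for meeting links.
TRUSTED_ZOOM_SUFFIXES = ("zoom.us",)


def hostname_of(url: str) -> str:
    """Return the lowercase hostname of a URL, or '' if it has none.

    Defanged brackets such as app[.]us4zoom[.]us are undone first so that
    indicators copied from a report can be checked exactly as written.
    urlsplit() also strips any user-info trick such as zoom.us@evil.example.
    """
    cleaned = url.strip().replace("[.]", ".")
    if "://" not in cleaned:
        cleaned = "https://" + cleaned
    host = urlsplit(cleaned).hostname or ""
    return host.rstrip(".").lower()


def naive_looks_like_zoom(url: str) -> bool:
    """The check a victim effectively performs: does 'zoom.us' appear anywhere?"""
    return "zoom.us" in hostname_of(url)


def is_official_zoom_host(url: str) -> bool:
    """Accept only a trusted domain itself or a label-aligned subdomain of it."""
    host = hostname_of(url)
    if not host or not host.isascii():
        # Non-ASCII (homoglyph) hostnames are treated as untrusted outright.
        return False
    return any(host == s or host.endswith("." + s) for s in TRUSTED_ZOOM_SUFFIXES)


def triage(urls):
    """Map each URL to a verdict, flagging the ones the naive check gets wrong."""
    verdicts = {}
    for url in urls:
        official = is_official_zoom_host(url)
        if official:
            verdicts[url] = "official"
        elif naive_looks_like_zoom(url):
            verdicts[url] = "lookalike"   # contains 'zoom.us' but is not under it
        else:
            verdicts[url] = "untrusted"
    return verdicts


if __name__ == "__main__":
    # Constructed sample input; only app[.]us4zoom[.]us comes from the report.
    samples = [
        "https://zoom.us/j/123456789",
        "https://us02web.zoom.us/j/123456789",
        "app[.]us4zoom[.]us",
        "https://zoom.us@app.us4zoom.us/launch",
        "https://zoom.us.evil.example/j/123456789",
        "https://example.com/meeting",
    ]
    for url, verdict in triage(samples).items():
        print(f"{verdict:10s} {url}")
```

The point of `triage` is the "lookalike" bucket: every URL in it would pass the substring check a human makes at a glance, and the only way to reject it reliably is to parse the hostname and compare whole labels against a short allowlist.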
It’s worth noting that SlowMist previously warned about the dangers posed by scammers on social media. For example, they reported that 80% of comments under tweets from crypto projects on the social network X (formerly Twitter) are made by scammers attempting to lure users into their traps.
Coinmooner hopes this article helps our readers understand how such schemes work and take timely measures to avoid falling victim to them. Coinmooner also wants to remind everyone that in the Web3 industry it is crucial to use the most advanced security methods and to pay extra attention to your safety. Only by doing so can you minimize risk and protect your data and financial assets.