Sophisticated Zoom Malware drains $300k in Crypto as users get stuck in infinite loading loop

Since the pandemic, reaching out to somebody has taken on a whole new meaning. Today, online video connections like Zoom,Microsoft Teams, and Slack, are becoming very common. But unfortunately where users go, scammers follow suit. Over the years, crypto scams have presented themselves in different forms, from phishing, ponzi schemes, giveaway scams, investment scams. But now, all crypto scams have to use to activate their zoom phishing hook is just an innocuous Zoom meeting that is waiting for your click.

Tapping unto your social vulnerability

Crypto scams are now targeting crypto investors and NFT holders, like you and me. First, these scammers would slide into your DM through either Instagram, Facebook, X, or even Whatsap to invite you to be an angel investor or to join their team. But wait, they are not that easy to spot, you know. What if they pretended to be employees of well established companies, like Crypto.com or Coinbase, promising you great prospects if you agreed to the collaboration. Of course you would be tempted to jump on the call with them immediately, and this is exactly when they would strike! Upon agreeing to meet, these scammers would then send you malware, disguised as a Zoom meeting invitation. This form of psychological manipulation is called “social engineering,” and socially engineered crypto scams can even strike tech-savvy founders of crypto projects.

The art of redirection

Just like how a magician redirects your attention away from what they are actually doing, these scams similarly redirect your attention away from the faulty links. Clicking on a zoom meeting link might be such a second nature to us at this point, that we do not realize that by doing so we are allowing the virus to enter into our computer. This technique is so sleek and so subtle, that before you won’t even know what hit you. The story of Fred Velez was as such. He was reached out from his twitter with promises of building a portfolio together. With just one click, the portfolio that he has built over the past two years was all cleaned up.

Upon entering the zoom meeting, you will be directed to a page that mimics the zoom loading screen. But the page would appear to be stuck, displaying an endless loading animation. To resolve what seems to be a technical issue, users would be prompted to download the malware which was cleverly disguised as legitimate Zoom installation software. Once the malware is installed, it cleverly redirects them to the real zoom platform, making it seems that you have successfully resolved your technical issue.

Sneaking past your strongest wall of defence

You might think that you already have the best antivirus software running on your computer, and the malware would be blocked outside of the software’s defense. But this is where you are wrong, because this malware is able to add itself into your Windows Defender exclusion list, making it completely invisible to your computer's antivirus system from detecting it. It then begins executing and extracting all your information while you are totally oblivious to the attack. These scammers are so good at masking their identities and posing as crypto influencers to trick you into installing their malware.

What can you do to protect yourself?

With the growing trend of crypto-related scams, crypto users are advised to avoid clicking on any links that come from unknown sources, and to be careful of any links even if they seem to come from trusted sources. It is also imperative that you should verify the web address and ensure that every file is real before downloading and installing it.

Another important tip is also to look out for unexpected messages, especially about investing opportunities and collaboration requests. You should always do your own due diligence to make sure you find out who the person is sending you the message before you respond to it. And of course, you should never open files or links from unverified people.