Cybercriminals are once again exploiting trusted tools for malicious gains.
This time, a phishing campaign centered around fake Zoom meeting links has left victims counting massive losses in cryptocurrency.
Fake Zoom Invites Mask Malware
A recent report by blockchain security firm SlowMist detailed a sophisticated phishing campaign targeting cryptocurrency users through fake Zoom meeting links. The attack has reportedly resulted in the theft of millions of digital assets.
It involved the use of a fraudulent domain resembling the authentic one. This site mimicked the genuine Zoom interface to trick unassuming victims into downloading a malicious installation package. Once executed, the malware prompted users to enter their system passwords which enabled the collection of sensitive information such as KeyChain data, browser credentials, and cryptocurrency wallet details.
Upon analysis, SlowMist said that it identified the malware’s code as a modified osascript script. The script extracted and encrypted user data before transmitting it to a hacker-controlled server flagged as malicious by threat intelligence platforms.
The server’s IP address was traced to the Netherlands, and the attackers’ monitoring tools, including logs showing Russian script usage, suggest a connection to Russian-speaking operatives.
On-chain tracking through SlowMist’s MistTrack tool revealed that the hackers’ primary wallet amassed over $1 million, converting stolen assets into 296 ETH. Further transfers led to a secondary address which is now linked to transactions across popular crypto exchanges such as Binance, Gate.io, and MEXC. A complex network of smaller wallets and flagged addresses, including those tagged “Angel Drainer” and “Pink Drainer,” facilitated fund dispersal.
“These types of attacks often combine social engineering and Trojan techniques, making users vulnerable to exploitation. The SlowMist Security Team advises users to carefully verify meeting links before clicking, avoid executing unknown software and commands, install antivirus software, and update it regularly.”
Phishing Scams Hit Alarming Highs
There has been a surge in crypto phishing scams lately. Earlier this month, a fraudulent work meeting link sent via KakaoTalk caused a person to lose $300,000 in cryptocurrency. The malware-compromised funds were transferred to a BingX-associated wallet. The link installed malware and compromised Ethereum and Solana wallets.
Another blockchain security expert, Scam Sniffer reported over $9.4 million was lost in phishing attacks in November alone. Malicious blockchain signatures remain a top threat, as scammers exploit fraudulent transaction permissions to drain wallets, including high-profile thefts exceeding $36 million.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
