Fake Zoom malware steals crypto while it’s ‘stuck’ loading, user warns

[Yamane_Keto]

Once installed, the page will redirect back to the official Zoom platform, making the user believe it worked, but by then, the malware has already infiltrated the target computer and stolen the data and loot, explained Drew.

source https://cointelegraph.com/news/fake-zoom-malware-steals-crypto-while-stuck-loading-user-warns

scammers have become very smart. The phishing link is very similar to the real link, after which you are directed to a page that remains stuck and you are asked to download an application similar to the Zoom application that adds itself to the Windows Defender exceptions list to prevent anti-virus systems from blocking it.

[yhiaali3]

Apparently we are seeing a growing wave of cryptocurrency scams via social engineering by receiving emails or impersonating influencers and executives. Fraudsters are constantly innovating new methods and improving their fraudulent skills.

I was really intrigued by this type of hacking that relies on a combination of social engineering and camouflage by giving the user the illusion of a normal installation while the suspicious program runs in the background and adds itself to the Windows Firewall.

The best solution is for people to refrain from installing any program from a source that is not 100% reliable, and to avoid clicking on links in emails or social media messages.

[Yamane_Keto]

The best solution is for people to refrain from installing any program from a source that is not 100% reliable, and to avoid clicking on links in emails or social media messages.

These programs have become smart enough to bypass firewalls and anti-virus programs, so you should limit yourself to downloading trusted or open source programs and make sure that you are in the correct domain.

[dkbit98]

Let me take a wild guess without reading any details, this malware works only on wind0ws operating system 
I have seen similar cases posted in bitcointalk forum and all of them include some kind of .exe file that first needs to be installed.
wind0ws OS is one big malware and closed source spyware black box.

[KingsDen]

I do not quite understand this infographics. Was it trying to show the fake url being overlapped by the correct URL?

scammers have become very smart. The phishing link is very similar to the real link, after which you are directed to a page that remains stuck and you are asked to download an application similar to the Zoom application that adds itself to the Windows Defender exceptions list to prevent anti-virus systems from blocking it.

Scammers are just negatively smart... I will not be proud to call that smartness, they are innovative in the wrong lane. A developer that can do this type of expensive fishing could also do other better things to earn a living.

[Yamane_Keto]

I do not quite understand this infographics. Was it trying to show the fake url being overlapped by the correct URL?

phishing link begins with Zoom DOT us50web DOT us, and is sent via chat after starting a real Zoom call. If you are in a hurry, it will be difficult to notice that it is a phishing link.

[KingsDen]

I do not quite understand this infographics. Was it trying to show the fake url being overlapped by the correct URL?

phishing link begins with Zoom DOT us50web DOT us, and is sent via chat after starting a real Zoom call. If you are in a hurry, it will be difficult to notice that it is a phishing link.

Oh!
Now I understand better... These guys are just being innovative everyday. We just need to be extremely careful in this space.

[bitterguy28]

The best solution is for people to refrain from installing any program from a source that is not 100% reliable, and to avoid clicking on links in emails or social media messages.

these suspicious links are usually sent in fishy websites and emails so make sure that you check from where these messages are coming from and ignore anything suspicious better yet block and report any user who sends you messages and spams make sure to not open anything unreliable

thanks to op for bringing awareness because a lot of scams and hacks can be avoided if we just know the real domains and safe links

[yhiaali3]

The best solution is for people to refrain from installing any program from a source that is not 100% reliable, and to avoid clicking on links in emails or social media messages.

these suspicious links are usually sent in fishy websites and emails so make sure that you check from where these messages are coming from and ignore anything suspicious better yet block and report any user who sends you messages and spams make sure to not open anything unreliable

thanks to op for bringing awareness because a lot of scams and hacks can be avoided if we just know the real domains and safe links

Yes, it is true, but in such cases it is difficult to know the safe links because these new types use social engineering where the user is first deceived through the conversation that the link that was sent is safe, so you must pay close attention to this point and deal with extreme caution with this space full of scammers.

[Lucius]

The best solution is for people to refrain from installing any program from a source that is not 100% reliable, and to avoid clicking on links in emails or social media messages.

These programs have become smart enough to bypass firewalls and anti-virus programs, so you should limit yourself to downloading trusted or open source programs and make sure that you are in the correct domain.

It's not that the programs have become smarter, but the thing is that people can never wise up and realize that nothing happens by itself, but that they themselves are mostly to blame for such things. If your AV and firewall warns you that something is wrong and that you should not allow a download or installation, then in most cases you should listen and not give permission for such an action. Of course, false detections can always happen, but if someone already has protection, then it should be allowed to do its job.

[Yamane_Keto]

these suspicious links are usually sent in fishy websites and emails so make sure that you check from where these messages are coming from and ignore anything suspicious better yet block and report any user who sends you messages and spams make sure to not open anything unreliable

It would be easier to spot this way but what happened is part of a social attack where they make a recruitment call and make up an excuse to hang up and then send you a phishing link, you probably won't pay attention to the URL details and will click on it.

If your AV and firewall warns you that something is wrong and that you should not allow a download or installation, then in most cases you should listen and not give permission for such an action. Of course, false detections can always happen, but if someone already has protection, then it should be allowed to do its job.

Sometimes it gives the impression that the links are safe but the virus database is not up to date.

[Cantsay]

It would be easier to spot this way but what happened is part of a social attack where they make a recruitment call and make up an excuse to hang up and then send you a phishing link, you probably won't pay attention to the URL details and will click on it.

If this had happened to me I definitely would have fell for it because I actually didn’t know the real url of zoom (before coming across this thread) - so if they had used this method of canceling their google meet and switching to zoom meeting impromptu and then sharing links I won’t have bothered to double check if it was correct or not.

Thanks for sharing.

[yhiaali3]

It's not that the programs have become smarter, but the thing is that people can never wise up and realize that nothing happens by itself, but that they themselves are mostly to blame for such things. If your AV and firewall warns you that something is wrong and that you should not allow a download or installation, then in most cases you should listen and not give permission for such an action. Of course, false detections can always happen, but if someone already has protection, then it should be allowed to do its job.

Unfortunately this is true, most of the cases that happen are due to users allowing the malware to install and give it permissions due to ignorance, greed or haste.

A few days ago I received an email that appeared to be from the PreSearch to distribute an airdrop to old members according to what they have in their wallets, the message claims that each user will get about 43,000 PRE tokens which is worth about $600, everyone who clicked on the link and connected their wallet and gave permission to the malicious site was exposed to hacking their wallet and stealing their assets.

[Crwth]

It is quite confusing to be honest. If I were to get something like that, I think I would be confused as well, but thank you for this information. I think I would be more careful with the Zoom link.

[Lucius]

If your AV and firewall warns you that something is wrong and that you should not allow a download or installation, then in most cases you should listen and not give permission for such an action. Of course, false detections can always happen, but if someone already has protection, then it should be allowed to do its job.

Sometimes it gives the impression that the links are safe but the virus database is not up to date.

A good AV will upgrade its database of AV definitions at least once every 24 hours, and even if some definitions are not in the database, a good AV will always protect you through heuristic analysis. Of course, you need to spend a little more money for good AV, and most people use free or cheap AV programs that actually do more harm than good.