With the growing trend of crypto scams, crypto users are advised to be very careful when clicking on any link, even if it seems to come from trusted sources.
By Temitope Olatunji
Edited by Julia Sakovich
Updated
3 mins read
Crypto scams are becoming more alarming in the digital currency industry, and bad actors are devising new means to steal people’s money. Cyber security expert on X, NFT_Dreww.eth, alerted users about a new, very convincing trick these bad actors are using: a fake Zoom website that looks real, targeting crypto investors and NFT holders.
According to NFT_Dreww.eth, the scammer’s methods are similar to every other trick. They start by asking potential victims a series of persuading questions, such as whether they want to be angel investors or join their team. After that, they invite the target to a Zoom meeting or a partnership opportunity, providing a malicious link that appears to be an actual Zoom meeting.
Dreww further explained that once the target clicks on the link, they will be directed to what seems like Zoom and stuck in an infinite loading loop. Then, the page will instruct the user to download and install a file called “ZoomInstallerFull.exe.” which is harmful software. He added that, during the download period, the software will look very real as users will even sign terms and conditions. The expert said:
“Wwhen you begin the download process it all seems legit, accepting T&Cs, hitting start, etc. Then once you download it, it proceeds to spin some more and then it actually redirects you to the legit real zoom[.]us url to make it seem like it was just a glitch or taking forever to load… However in the meantime the nasty malware has already executed and done its job.”
Thus, the malware adds itself to the Windows Defender exclusion after it gets installed, so the antivirus can’t find it. It then begins to steal victim information. Once done, it redirects the victim to the main Zoom site, making them think everything worked normally.
According to the cybersecurity expert, the scammers behind this attack have already stolen over $300,000 through this method. They constantly change the domain names used to host the malicious website, making it harder to track and block. He stated:
“This is actually their 5th domain so far…. Its a cat and mouse game attempting to take down all the domains versus getting the signatures and malware tagged as such for all engines to throw warnings regardless of domain.”
With the growing trend of crypto scams, crypto users are advised to be very careful when clicking on any link, even if it seems to come from trusted sources. NFT_Dreww.eth advised that people should always verify the web address and ensure every file is real before downloading and installing it.
Crypto investors and NFT owners must also be on the lookout for unexpected messages, especially about investing opportunities or collaboration requests. They should check who sent the message before responding, and never open files or links from unverified people.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
Temitope is a writer with more than four years of experience writing across various niches. He has a special interest in the fintech and blockchain spaces and enjoy writing articles in those areas. He holds bachelor's and master's degrees in linguistics. When not writing, he trades forex and plays video games.
