Zoom Scams: Blockchain Security Firm Uncovers New Hacker Tricks

A Zoom scam involving phishing Zoom meeting links has led several crypto users to notable financial losses.

According to a Dec. 27 report from blockchain security firm SlowMist, hackers created a fraudulent domain mimicking Zoom, “app[.]us4zoom[.]us,” to trick users into downloading malicious software. After user installation, hackers deploy the malware to capture every keystroke the owner makes, including passwords, mail, private keys, and wallet information.

Fraudulent Zoom Domain Used to Distribute Malware

The replicated phishing website encouraged users to click on the ‘Launch Meeting’ option, inviting the user to a Zoom meeting, but hideously began downloading a dangerous software package titled ‘ZoomApp_v.3.14.dmg’. Then, it obtained encrypted assets on victim devices, such as password-protected wallet phrases and Telegram details.

Leveraging this, hackers could steal cryptocurrency from the affected wallets, with SlowMist estimating losses through these Zoom scams in the millions.

Zoom Scam Cases

SlowMist discovered the address of one perpetrator who stole more than $1 million. Then, they converted the funds into Ethereum (ETH) and transferred them through MEXC, Bybit Binance, and Gate.io exchanges.

The stolen laundered crypto assets were eventually moved to different addresses and then transferred to exchanges like FixedFloat and Binance, where they were traded for other tokens or converted to stablecoins like Tether (USDT). SlowMist indicates that the attackers’ backend system was based in the Netherlands, suggesting that Russian scripts were used for these malicious acts.

Further investigation also found that the Telegram API integration enabled attackers to track user engagement and capture sensitive information.

Other Crypto Scams

There have been cases of other crypto scam types lately. For instance, a recent report by blockchain security platform Cyvers showed that financial losses caused by another scam type (crypto entry scams) in 2024 have risen to $3.6 billion.

While the total figure for Zoom scams has yet to be established, this SlowMist findings suggest its vast impact on the cryptocurrency sector, especially the substantial financial losses.