Cybercriminals are once again exploiting trusted tools for malicious gain.
This time, a phishing campaign focused on fake Zoom meeting links has left victims counting massive cryptocurrency losses.
Fake Zoom invites masking malware
A recent report by blockchain security firm SlowMist detailed a sophisticated phishing campaign targeting cryptocurrency users using fake Zoom meeting links. The attack reportedly resulted in the theft of millions of digital assets.
The campaign used a fraudulent domain that closely resembled the genuine Zoom domain. The site mimicked the real Zoom interface to trick unsuspecting victims into downloading a malicious installation package. Once executed, the malware prompted users for their system password, which allowed it to collect sensitive information such as Keychain data, browser credentials and cryptocurrency wallet details.
After analysis, SlowMist said it identified the malware code as a modified osascript script. The script extracted and encrypted user data before transmitting it to a hacker-controlled server flagged as malicious by threat intelligence platforms.
The server’s IP address was traced to the Netherlands, and the attackers’ monitoring tools, including logs showing the use of Russian script, suggest a connection to Russian-speaking operatives.
Chain tracking via SlowMist’s MistTrack tool revealed that the hackers’ main wallet accumulated more than $1 million, turning the stolen assets into 296 ETH. Further transfers resulted in a secondary address that is now linked to transactions through popular crypto exchanges such as Binance, Gate.io and MEXC. A complex network of smaller wallets and marked addresses, including those labeled “Angel Drainer” and “Pink Drainer,” facilitated the dispersal of funds.
“These types of attacks often combine social engineering and Trojan techniques, making users vulnerable to exploitation. SlowMist’s security team advises users to carefully verify meeting links before clicking, avoid running unknown software and commands, install antivirus software and update it regularly.”
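One way to apply the link-verification advice above in a mail or chat filter, as an added example that is not from SlowMist or the original article: a Python check that accepts a meeting URL only when its host is a trusted Zoom domain or a subdomain of one. The trusted-domain list, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains your organisation accepts for Zoom meetings.
TRUSTED_DOMAINS = ("zoom.us", "zoom.com")
BRAND = "zoom"


def classify_meeting_link(url: str) -> str:
    """Return 'trusted', 'suspicious' or 'untrusted' for a meeting URL."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        userinfo = (parts.username or "").lower()
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return "untrusted"
    if not host:
        return "untrusted"
    # Exact match or a true subdomain; "notzoom.us" must not pass.
    under_trusted = any(host == d or host.endswith("." + d)
                        for d in TRUSTED_DOMAINS)
    # "https://zoom.us@meet.example/" connects to meet.example, so any
    # userinfo component disqualifies the link.
    if parts.scheme == "https" and under_trusted and parts.username is None:
        return "trusted"
    # Signs that the link imitates the brand or has lost a trust property:
    # brand name on a foreign host, brand in userinfo, punycode labels
    # (possible homoglyphs), or a trusted host without HTTPS.
    punycode = any(label.startswith("xn--") for label in host.split("."))
    if BRAND in host or BRAND in userinfo or punycode or under_trusted:
        return "suspicious"
    return "untrusted"


# Constructed sample links; none come from the SlowMist report.
SAMPLES = [
    "https://us02web.zoom.us/j/1234567890?pwd=abc",
    "https://zoom.us.meeting-join.example/j/1234567890",
    "https://notzoom.us/j/1234567890",
    "https://zoom.us@meet.example/j/1234567890",
    "http://zoom.us/j/1234567890",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_meeting_link(link):<10} {link}")
```

A "suspicious" verdict is the one worth alerting on, since it marks a link that presents the Zoom name without resolving to a trusted Zoom host.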
Phishing scams are reaching alarming highs
Lately there has been an increase in crypto phishing scams. Earlier this month, a fraudulent work meeting link sent through KakaoTalk caused one person to lose $300,000 in cryptocurrency. The funds compromised by the malware were transferred to a wallet associated with BingX. The link installed malware and compromised Ethereum and Solana wallets.
Another blockchain security expert, Scam Sniffer, reported that more than $9.4 million was lost to phishing attacks in November alone. Malicious blockchain signatures remain a primary threat, as fraudsters use fraudulent transaction permissions to deplete wallets, including high-profile heists exceeding $36 million.