The "Zoom Conference" infiltrated the crypto wallet
Several users fell victim to phishing software disguised as the Zoom application. The attackers have already taken in over $1 million in various cryptocurrencies this way. Analysts at SlowMist examined the attack.
The victims received links to a video conference, and the page that opened precisely imitated the Zoom interface. In reality, it initiated the download of malware capable of stealing system information, browser cookies, Telegram account data, seed phrases, and keys to cryptocurrency wallets.
The address examined by experts received more than $1 million in USD0++, MORPHO, and ETH. Small amounts were transferred to 8800 associated wallets, which are presumably used for paying fees. The majority of the stolen funds — 296.45 ETH — were sent to a new address. Its balance at the time of writing was 32.81 ETH.
SlowMist established that funds from the last wallet were sent to Binance, MEXC, FixedFloat, and other exchanges.
The IP address of the hacker's server is located in the Netherlands and is currently flagged by threat analysis platforms as malicious.