A fake video conferencing software is reportedly being used to perform address-poisoning attacks to steal crypto assets from community members.
SlowMist founder Yu Xian shared a report from a community member and urged the community to be vigilant and not use unfamiliar software for video conferencing. According to Xian, fake software is being used to attempt to steal people’s digital assets.
X user shares encounter with job hunting scam
An X user with the account name maxlin.eth reported encountering a job-hunting scam. According to the community member, a scammer pretending to be from the human resources department of infrastructure development firm xLabs approached them using Telegram.
The scammer claimed to have seen the community member’s Web3 career and pretended to offer a marketing specialist role. According to the crypto user, xLabs’ reputation made the community member believe the attempt may have been legitimate.
The scammer avoided common tactics like directly sending a link to malicious software. Instead, the malicious actors used Zoom to conduct a fake job interview with a different person, making the community member believe the job offer was genuine.
After chatting for nearly half an hour about xLabs’ vision and products, lowering the guard of their potential victim, one of the scammers asked the user to switch to a different meeting software because the person who approached via Telegram could not join using Zoom.
Related: Crypto execs on DeFi domain hacks: Don’t interact with crypto for now
The user was asked to download a meeting software called Meetly, and when the user clicked on the link, they saw a seemingly very real conference screen but did not hear any sound.
Because of the errors, the scammers asked the user to download the software into their computer. However, after installing the application, the app kept freezing and would not work. The scammers ended the session as the application had already been downloaded.
After conducting research, the user discovered that the link shared by the scammers is widely reported online as a fraudulent website. Additionally, after reviewing the official website and LinkedIn profiles of xLabs, the user found no employees with the names of those who had approached them about the offer.
In addition, the company did not have an opening for a marketing specialist position, which was offered in the scammers’ meeting.
After finding more information, the crypto user transferred all their assets into different wallets and was able to prevent potential theft.
MonoSwap hackers deployed similar strategies
Hackers deployed a similar strategy during the breach of the decentralized exchange (DEX) and staking platform MonoSwap. On July 23, one of the platform’s developers installed a malicious application and was lured into a call by scammers posing as venture capitalists.
On the call, the scammers installed malicious software into the developer’s computer, which had access to the DEX's wallets and contracts. This enabled the hackers to withdraw staked liquidity from the exchange.
Magazine: Lazarus Group’s favorite exploit revealed — Crypto hacks analysis