Fake Zoom Calls Steal $300M in Crypto from Unsuspecting Victims

• North Korean hackers are launching multiple fake Zoom scams daily, stealing over $300 million from cryptocurrency users worldwide.
• Scammers compromise Telegram accounts to contact victims as trusted friends, then send malware disguised as Zoom audio patches.

Cybersecurity analysts are raising the alarm about a complex scam against cryptocurrency users by using fraudulent Zoom video calls organized by North Korean hackers. According to Security Alliance, a nonprofit cybersecurity organization, such attacks are currently happening several times a day, and victims lose access to their digital property and personal data.

How the Sophisticated Scam Operates

The sophisticated attack starts with hackers gaining access to Telegram accounts and calling victims under the guise of known friends, as reported by security researcher Taylor Monahan of SEAL. The victims are sent friendly messages indicating that they should have a catch-up chat through Zoom, which gives them a false sense of safety due to the familiarity of the compromised contact.

Upon receiving the call, targets are shown what can be interpreted as legitimate video footage of familiar faces, but the videos are actually recycled videos used in prior hacks. Then the criminals state that there is an audio problem that is interrupting the meeting and transmit a purported patch file to correct the technical problems that are affecting the conversation.

By downloading and opening this file, malware instantly infects the devices of the victims, providing hackers with access to passwords, cryptocurrency private keys, and other confidential company data. To keep the cover, the attackers simply hang up and say that they would meet at another time, which does not raise any suspicion at the time when their malware is running.

Monahan cautions that this approach has already cost more than three hundred million dollars in unsuspecting victims in the cryptocurrency sector and beyond.

Immediate Steps to Protect Yourself

Any person who has ever clicked on suspicious links when using doubtful Zoom calls should instantly shut off the internet connection and turn off the device in question. Victims are advised to use another, uncompromised device to move all cryptocurrency to newly created wallets and change passwords on all accounts with two-factor authentication turned on. The infected computer needs to be wiped of memory completely and then reused to ensure that all traces of malware are eliminated from the system.

It is essential to secure Telegram accounts: users need to close all running sessions, change passwords as soon as possible, and use or update their multifactor authentication options as soon as possible. Monahan points out that the victims should inform their contacts as soon as possible so that the hackers do not use the compromised accounts to attack other victims systematically.

Highlighted Crypto News Today: 

Saylor Eyes Bitcoin Buy as Price Drops Below $88K Mark