Cryptocurrency scammers are spreading malicious links that supposedly lead to the Zoom video conferencing platform. The scammers have already stolen $300,000 worth of crypto assets.

A cybersecurity engineer who goes by the handle NFT_Dreww on social media has warned followers about a new sophisticated crypto scam that uses social engineering. The expert explained that the attackers are mainly targeting holders and creators of non-fungible tokens (NFTs). The scammers contact them and ask if they are interested in licensing their intellectual property, inviting them to Twitter Spaces or asking them to join a team for a new project.

The scammers insist that the potential victim connect to the Zoom platform for a video conference and send a malicious link. After clicking on the link, the user sees a frozen page with a loading screen. The user is then prompted to download and install ZoomInstallerFull.exe, which is actually malware.

Once the installer has run, the user is redirected to the official Zoom platform, but by that time the malware is already on the target computer, and the scammers are able to steal user data and crypto assets. The security expert noted that when the malware is launched, it adds itself to the Windows Defender exclusion list so that the antivirus cannot block it.
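The exclusion-list behaviour described above can be checked on a Windows host. The following PowerShell is an added example, not part of the original report or of NFT_Dreww's analysis: it lists the Defender exclusions currently in effect and the recent configuration-change events (event ID 5007) that touched them. The list of user-writable folders to review first and the 30-day look-back window are assumptions.

```powershell
# Added example: audit Microsoft Defender exclusions. Run from an elevated prompt,
# because exclusions are hidden from non-administrators.
# Assumption: exclusions under user-writable folders deserve review first.
$userWritable = '\\Users\\|\\AppData\\|\\Temp\\|\\Downloads\\|\\ProgramData\\'

# 1. Exclusions currently in effect (paths, processes, extensions).
$pref = Get-MpPreference
$current = foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if ($value) {
            [pscustomobject]@{
                Kind   = $kind
                Value  = $value
                Review = [bool]($value -match $userWritable)
            }
        }
    }
}
$current | Sort-Object Review -Descending | Format-Table -AutoSize

# 2. Recent changes: event ID 5007 records Defender configuration changes,
#    including writes under ...\Windows Defender\Exclusions\.
$since  = (Get-Date).AddDays(-30)   # assumed look-back window
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5007
    StartTime = $since
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match '\\Exclusions\\' } |
    ForEach-Object {
        # Keep only the message lines that name the exclusion key that changed.
        $lines = ($_.Message -split "`r?`n") -match 'Exclusions'
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Change = ($lines -join ' ').Trim()
        }
    } |
    Sort-Object Time |
    Format-List
```

An exclusion that nobody on the machine remembers adding, especially one pointing into a download or temp folder, is the entry to investigate.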

“The infected program starts extracting all your information while the user is distracted by the loading page. The scammers change domain names, they are currently on at least a fifth domain,” NFT_Dreww explained.

Earlier this year, attackers stole $600,000 worth of crypto assets by exploiting a vulnerability in the digital marketing platform MailerLite. In July, the website of the DeFi protocol Compound Finance was also subjected to a phishing attack: scammers redirected users to a fake platform to steal their cryptocurrencies.