Beware of Fake Conferencing Software Targeting Crypto Assets, SlowMist Founder Warns
Fake video conferencing software is being used to launch address poisoning attacks to steal crypto assets from community members.
SlowMist founder Yu Xian shared a report from a community member, urging the community to be vigilant and avoid using unusual software for video conferencing. According to Xian, counterfeit software is being used to steal people's digital assets.
X user shares links to job hunting scams.
User X with username maxlin.eth has experienced a job hunting scam. According to a community member, a scammer contacted them using Telegram claiming to be from the HR department of infrastructure development company xLabs.
The scammer pretended to have seen the community's Web3 work and had the role of a marketing specialist. As a crypto user, the reputation of xLabs led the community member to believe that the experiment was legitimate.
The scammer avoided common tactics such as sending direct links to malicious software. Instead, the malicious actors used Zoom to conduct a fake job interview with another person, leading the community member to believe the job offer was genuine.
After half an hour of chatting about xLabs' vision and products, lowering their guard, one of the scammers asked the user to switch to another meeting software because a person on Telegram couldn't join using Zoom.
Related: Crypto execs on hacking DeFi domain: Stay away from crypto for now
The user is prompted to download a meeting software called Meetly, and when the user clicks on the link, they see a very realistic looking conference screen, but no sound.
Due to the bugs, the scammers asked the user to download the software to their computer. However, after installing the app it kept freezing and not working. The scammers end the session as soon as the application is downloaded.
After doing some research, the user found that the link shared by the scammers was widely reported online as a scam website. Additionally, after reviewing xLabs' official website and LinkedIn profiles, the user did not find any employees with the names of the people who had been approached about the offer.
In addition, the company did not have an opening for the position of marketing specialist, which was presented at the meeting of the fraudsters.
After getting more information, the crypto user transferred all their assets to different wallets and was able to prevent potential theft.
MonoSwap hackers have deployed similar tactics.
Hackers deployed a similar strategy when they breached decentralized exchange (DEX) and staking platform MonoSwap. In the year On July 23, one of the forum's organizers was tricked by scammers who installed a malicious application and pretended to be a venture capitalist.
During the call, the fraudsters installed malicious software onto the developer's computer, which was supposed to access DEX wallets and contracts. This allowed the hackers to withdraw the compromised currency from the exchange.
Magazine: Lazarus Group's Favorite Exploit Revealed – Crypto Hacks Analysis
