How does a fake Zoom link steal $1 million?

1 year ago

This morning I saw several WeChat groups discussing how @lsp8940 clicked a fake Zoom link and lost about 1M USD (https://x.com/lsp8940/status/1871350801270296709). It reminded me of a similar incident I ran into on the 18th. A stranger DMed me proposing a collaboration, and after a few exchanges we scheduled a Zoom meeting for 9 PM. When the time came, they sent me the following link to the meeting room:

https://app.us4zoom.us/j/8083344643?pwd=seyuvstpldar6ugeEtcGGury936qBCQr#success

(Important note: This is a phishing link, do not click! Do not click! Do not click!)

When I saw this link, something looked off: the registrable domain is us4zoom.us, which does not look official. It imitates Zoom's regional hosts (such as us04web.zoom.us), but those are subdomains of zoom.us, whereas us4zoom.us is a completely separate registration and "app" is merely a subdomain the scammer controls. Since I had never used Zoom before, I wasn't sure, so I searched Google and Perplexity and confirmed that the official site is zoom.us, which does not match the domain the scammer gave me.
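The check that would have flagged this link mechanically is to look only at the registrable domain of the hostname, not at whether the word "zoom" appears somewhere in it. The following is an added example (not code from the original post) that does that for the phishing URL above and for a couple of constructed comparison URLs; the list of official suffixes, the meeting-ID length range and the punycode heuristic are assumptions for the example.

```python
# Added example: decide whether a "Zoom" meeting link actually lives on Zoom's
# own domain, or on a look-alike such as us4zoom.us. Not from the original post.
import re
from urllib.parse import urlparse

# Assumption: official meeting links are on zoom.us or a subdomain of it
# (e.g. us02web.zoom.us). No vanity/enterprise domains are considered here.
OFFICIAL_DOMAINS = ("zoom.us",)


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname: a naive eTLD+1, sufficient for .us/.com."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_meeting_link(url: str) -> dict:
    """Return the parsed host, its registrable domain, an official/not verdict
    and the list of reasons a practitioner would want to see."""
    p = urlparse(url)
    host = p.hostname or ""
    reasons = []

    if p.scheme != "https":
        reasons.append("scheme is not https")
    if "xn--" in host:
        reasons.append("punycode (IDN) label in hostname: possible homograph")

    domain = registrable_domain(host)
    official = domain in OFFICIAL_DOMAINS
    if not official:
        reasons.append(f"registrable domain is {domain!r}, not zoom.us")
        if "zoom" in host:
            # Brand name present, wrong domain: the classic look-alike pattern.
            reasons.append("brand name in hostname but wrong domain: look-alike")

    # Assumption: Zoom meeting IDs are 9 to 11 digits under /j/.
    if not re.fullmatch(r"/j/\d{9,11}", p.path or ""):
        reasons.append("path is not /j/<meeting id>")

    return {"host": host, "domain": domain, "official": official, "reasons": reasons}


if __name__ == "__main__":
    # The phishing link from the post, plus constructed comparison URLs.
    for u in (
        "https://app.us4zoom.us/j/8083344643?pwd=seyuvstpldar6ugeEtcGGury936qBCQr#success",
        "https://us02web.zoom.us/j/1234567890?pwd=abc",      # constructed, official shape
        "https://zoom.us.evil.example/j/1234567890",          # constructed, prefix trick
    ):
        r = check_meeting_link(u)
        print("OFFICIAL" if r["official"] else "SUSPECT ", r["host"], r["reasons"])
```

The important line is the one that computes `registrable_domain`: "zoom.us.evil.example" and "app.us4zoom.us" both contain the brand, and both fail, because the only thing that matters is the part of the name the legitimate company actually registered.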

The scammer's link prompts you to download an installation package. The downloaded file is tiny, far smaller than a real Zoom installer (the size comparison was a screenshot in the original post). A file that small cannot be the full client; most likely it is a downloader that fetches the real payload once it runs. A quick check worth doing on any installer obtained from a link someone sent you is to verify its code signature, which a genuine Zoom build carries and a fake served from a look-alike domain will not (on macOS `codesign -dv --verbose=4 <file>`, on Windows the Digital Signatures tab of the file's properties).

How did the fake Zoom link steal $1M? Analyzing the trojan itself is beyond my abilities, and GPT was no practical help; that part needs professional security people to take over. It is reasonable to speculate, though, that the trojan scans for key files and uploads them, such as the local storage of browser-extension wallets. I remember that in 2021 it was possible to recover private keys from MetaMask's local files, provided you knew the password or could brute-force it: the vault is encrypted with a key derived from that password, so a stolen vault file is exactly as strong as the password protecting it.

From this incident, we can draw several conclusions:

  1. The scammer is casting a wide net: @cutepandaweb3 also tweeted today about encountering the same scam.

  2. It is the same scammer: from @lsp8940's recap tweet (https://x.com/lsp8940/status/1871426071499100630), the fake Zoom meeting links we both received are exactly the same.

  3. Be cautious with private messages from strangers on Twitter, especially accounts with no tweet history that none of your mutual friends follow.

  4. Use a long, complex password for browser-extension wallets, so that if the extension's local files leak, an offline dictionary attack on the encrypted vault becomes expensive; a hardware wallet goes further by keeping the key off the machine entirely.
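Conclusion 4 and the MetaMask remark above both come down to the same thing: an attacker holding the vault file can try passwords offline, and each guess costs one PBKDF2 run. The following is an added example (not code from the original post, and not MetaMask's own implementation) that builds a constructed vault modelled on the browser-passworder scheme MetaMask uses (PBKDF2-SHA256 key derivation, then authenticated encryption) and runs a dictionary attack against it. To stay standard-library only, the AES-GCM layer is replaced by a SHA-256 keystream plus an HMAC tag, and the 10,000 iteration count and the wordlist are assumptions.

```python
# Added example: offline dictionary attack on a stolen, password-encrypted
# wallet vault. The vault format is a constructed stand-in for the
# browser-passworder layout (PBKDF2-SHA256 -> AES-GCM), not MetaMask's code.
import base64
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: historical browser-passworder default


def derive_key(password: str, salt: bytes) -> bytes:
    """The only thing standing between a leaked vault and the key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def _keystream(key: bytes, n: int) -> bytes:
    # Stand-in for the AES-GCM cipher so the example needs no extra library.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def _b64(b: bytes) -> str:
    return base64.b64encode(b).decode()


def make_vault(password: str, secret: bytes) -> dict:
    """Encrypt `secret` (e.g. a 32-byte private key) under `password`."""
    salt = os.urandom(16)
    key = derive_key(password, salt)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ct, "sha256").digest()  # plays the role of the GCM tag
    return {"salt": _b64(salt), "data": _b64(ct), "tag": _b64(tag)}


def open_vault(vault: dict, password: str):
    """Return the secret, or None if the password is wrong (tag mismatch)."""
    salt, ct, tag = (base64.b64decode(vault[k]) for k in ("salt", "data", "tag"))
    key = derive_key(password, salt)
    if not hmac.compare_digest(hmac.new(key, ct, "sha256").digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def dictionary_attack(vault: dict, candidates):
    """Try each candidate; return (password, attempts) or None. Every attempt
    costs ITERATIONS PBKDF2 rounds, which is the whole defence."""
    for n, guess in enumerate(candidates, 1):
        if open_vault(vault, guess) is not None:
            return guess, n
    return None


# Constructed wordlist standing in for a real leaked-password list.
WORDLIST = ["123456", "password", "qwerty", "password123", "metamask", "letmein"]

if __name__ == "__main__":
    secret = os.urandom(32)                       # constructed "private key"
    weak = make_vault("password123", secret)
    strong = make_vault("correct horse battery staple 7!", secret)
    print("weak vault:  ", dictionary_attack(weak, WORDLIST))
    print("strong vault:", dictionary_attack(strong, WORDLIST))
    print("PBKDF2 rounds spent on the weak vault:", 4 * ITERATIONS)
```

The weak vault falls on the fourth guess; the strong one is not in any wordlist, so the attacker is left with brute force at ITERATIONS hash rounds per candidate. That is the arithmetic behind "set a complex password": the iteration count multiplies the attacker's cost, but only the password's entropy decides whether the multiplication is large enough.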

Safety is no small matter; I hope everyone avoids falling into traps.

Disclaimer: This article represents only the author's personal views, not the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page infringes rights, please send the relevant proof of rights and identity to support@aicoin.com and the platform's staff will verify it.
