ChainCatcher message, according to a warning from SlowMist founder @evilcos, there have been recent targeted phishing attacks against important figures in the cryptocurrency space. Attackers are using fake Zoom meeting links, combined with deepfake technology to create realistic video meeting scenarios, to lure targets into downloading malware. Once they successfully control the target's device, attackers may steal cryptocurrency assets or related cloud platform permissions. Users are advised to verify whether the meeting link comes from the official domain (zoom.com or zoom.us) to avoid being deceived.

ChainCatcher message, Slow Mist tweeted to remind users to be vigilant against phishing attacks disguised as Zoom meeting links, where attackers use the domain "app[.]us4zoom[.]us" to impersonate legitimate Zoom meeting links. The webpage closely mimics the real Zoom meeting interface, and when users click the "Start Meeting" button, it triggers the download of a malicious installation package instead of launching the local Zoom client. Hackers collect user data and decrypt it to steal sensitive information such as mnemonic phrases and private keys. These attacks often combine social engineering and trojan techniques.