zoom

According to Decrypt, Google's security team Mandiant recently released a report warning that a North Korea-related hacker group is using AI-generated deepfake videos and fake Zoom meetings to launch more targeted cyberattacks against cryptocurrency and fintech companies.The report noted that a hacker group known as UNC1069 (or CryptoCore) recently infiltrated a fintech company by initiating a fake Zoom meeting through a hijacked Telegram account, using a deepfake video of a well-known cryptocurrency executive to gain trust during the meeting.The attackers used "audio issues" as an excuse to lure the victims into running malicious commands, ultimately deploying seven different families of malware in their systems, aimed at stealing credentials, browser data, and session tokens. The organization primarily targets businesses and individuals in the cryptocurrency industry, including software companies, venture capital firms, and their employees.

The nonprofit organization Security Alliance warns that they are currently discovering multiple scam attempts initiated by North Korean hackers every day, with these attacks luring victims through fake Zoom meetings.The scam technique involves inducing victims to download malware during a "fake Zoom call," thereby stealing sensitive information, including passwords and private keys. Security researcher Taylor Monahan warns that this tactic has siphoned off over $300 million in assets from users.The scam typically begins with a message from a Telegram account, which often belongs to someone the victim "knows." Due to the familiar identity, the victim lets their guard down. The conversation then naturally transitions to an invitation to "catch up over Zoom." Once the call starts, the hacker pretends to encounter audio issues and sends a so-called "patch file." When the victim opens this file, malware is implanted on their device. The hacker then ends the fake call under the pretext of "rescheduling for another day."

ChainCatcher news, EurekaTrading founder Kuan Sun tweeted a review of how he nearly lost $13 million due to a phishing attack: On September 2, 2025, approximately $13 million in assets in his wallet were almost stolen by the Lazarus hacker group. The security team acted urgently and ultimately recovered the funds.The incident was triggered by what appeared to be a normal Zoom meeting invitation, which was actually a carefully arranged phishing trap. The hackers exploited "acquaintance" relationships, deepfake videos, and a forged Rabby plugin to tailor the attack against the victim, Venus. Under the mistaken belief in the fake plugin, the victim executed a withdraw, putting the assets at risk of being transferred along with liabilities. PeckShield, SlowMist, Venus, and multiple security teams responded quickly, pausing the protocol and investigating risks, ultimately preventing the theft of funds. Hardware wallets are not foolproof; there are still risks of plugin and frontend hijacking; Zoom links, upgrade pop-ups, and acquaintance relationships can all serve as entry points for attacks.

ChainCatcher message, according to the tracking data from the Web3 asset data platform RootData X, in the past 7 days, the cryptocurrency information tool Zoomer News has been the project with the most new followers among X (Twitter) Top personalities. New influential figures following this project include NFT collector Gmoney(@gmoneynft), crypto KOL CBB0FE(@Cbb0fe), and crypto analyst TylerD(@Tyler_Did_It).

ChainCatcher news, according to ZOOMER, the mysterious company Aqua 1, which donated $100 million to Trump's related project WLFI, has been revealed to be the malicious market maker Web3Port. Aqua 1 co-founder Dave Lee stated before the related news broke, "I found some factual errors in reports about myself and Aqua 1 today, and I have contacted the relevant journalists for clarification."Previously, Web3Port was accused of malicious market-making operations on one of its portfolio projects on Binance.

ChainCatcher news, according to Cointelegraph, cryptocurrency venture capital firm Hypersphere's investment partner Mehdi Farooq stated that after falling victim to a fake Zoom call phishing attack, funds from his 6 wallets were stolen, resulting in the loss of years of savings.Mehdi Farooq revealed that the attack began with a message from Alex Lin, whom he knew, on Telegram. The two had interacted before, so this contact seemed routine. The latter shared a meeting link, and after joining the scheduled Zoom meeting, he found there was no audio. Shortly after running an update, his system was compromised, and hackers "drained his years of savings" in just a few minutes.

ChainCatcher message, according to a warning from SlowMist founder @evilcos, there have been recent targeted phishing attacks against important figures in the cryptocurrency space. Attackers are using fake Zoom meeting links, combined with deepfake technology to create realistic video meeting scenarios, to lure targets into downloading malware. Once they successfully control the target's device, attackers may steal cryptocurrency assets or related cloud platform permissions. Users are advised to verify whether the meeting link comes from the official domain (zoom.com or zoom.us) to avoid being deceived.

ChainCatcher news, according to Cointelegraph, Manta Network co-founder Kenny Li revealed a highly sophisticated phishing attack. The attackers used video footage of real team members during a Zoom video call, attempting to lure him into downloading malware.Li stated that the other party's camera was on during the video call and the facial footage was real, but there was no sound. The system prompted him to update Zoom and download a script file, which raised his alert. He believes this attack may have been initiated by the North Korean state-sponsored hacker group Lazarus. After being asked to verify identity via Telegram, the attackers immediately deleted all messages and blocked him.

ChainCatcher news, according to Cointelegraph, Emblem Vault's CEO Jake Gallen was hacked after a suspicious Zoom video conference, resulting in a loss of over $100,000 in Bitcoin and Ethereum assets.It is reported that the attacker impersonated a YouTube blogger with over 90,000 subscribers, using Zoom's default remote access feature during a video interview to install malware named "GOOPDATE" on Gallen's computer. The cybersecurity company SEAL stated that the hacker group is known as "ELUSIVE COMET," which typically operates under the identity of Aureon Capital venture capital firm, causing millions of dollars in financial losses.SEAL security researchers recommend that cryptocurrency industry practitioners should promptly disable Zoom's remote access feature to prevent similar attacks.

ChainCatcher news, Semler Scientific Chairman Eric Semler stated that Zoom Communications ($ZM) should consider adopting Bitcoin as a treasury asset to boost its weak performance and shareholder returns. Semler pointed out that Zoom's stock price has fallen about 40% over the past three years and has underperformed the S&P 500 index by 84% over the past five years, with the current valuation at only a forward P/E ratio of 15 times and EV/EBITDA of 9 times.Despite having $7.7 billion in cash reserves (about one-third of its market value) and maintaining a 40% EBITDA profit margin, revenue growth has been sluggish, and future guidance indicates only low single-digit growth. Semler suggested that Zoom leverage its cash reserves and stable $2 billion annualized free cash flow to become a corporate holder of Bitcoin for long-term value growth, and called on CEO Eric Yuan to use his super voting rights to promote a Bitcoin strategy.

ChainCatcher message, Slow Mist tweeted to remind users to be vigilant against phishing attacks disguised as Zoom meeting links, where attackers use the domain "app[.]us4zoom[.]us" to impersonate legitimate Zoom meeting links. The webpage closely mimics the real Zoom meeting interface, and when users click the "Start Meeting" button, it triggers the download of a malicious installation package instead of launching the local Zoom client. Hackers collect user data and decrypt it to steal sensitive information such as mnemonic phrases and private keys. These attacks often combine social engineering and trojan techniques.

ChainCatcher message, according to Scam Sniffer monitoring, a victim lost 1 million dollars due to counterfeit Zoom malware, related to the us04-zoom[.]us threat actor. Currently, cases of private key theft malware are on the rise, and it is essential to strictly verify sources and conduct security scans before installation.

ChainCatcher news, according to News.bitcoin, the Ohio Department of Financial Institutions (DFI) recently announced that it has ordered the cryptocurrency exchange Coinzoom Inc. to immediately cease operations in the state. Coinzoom holds a money transmission license in Ohio and offers a variety of financial products, supporting over 30 cryptocurrencies.The directive took effect on August 1, prohibiting Coinzoom from accepting new business or assets from Ohio residents. However, existing customers in Ohio can still withdraw fiat or cryptocurrency assets. This suspension follows multi-state bank examinations, during which Ohio regulators were unable to verify Coinzoom's financial status due to incomplete or inaccurate financial records. The suspension will remain in effect until the DFI or a court modifies or lifts the order, and Coinzoom has requested an administrative hearing.

ChainCatcher news, the encryption information tool Zoomer News announced on Twitter that it has been acquired by the data visualization site VeloData. Zoomer News will continue to operate as usual while gradually integrating with Velo.

ChainCatcher news, according to FinSMEs, the Web3 document management software as a service provider ShelterZoom has completed a $5 million funding round, with the participating institutions undisclosed. The company claims that the total funding amount has exceeded $17.5 million to date, and the new funds will be used to expand into new markets and strengthen its Document GPS solution.ShelterZoom offers Document GPS, which supports the tokenization of document content to protect the ownership of original records, allowing businesses to track or revoke access to all sensitive data. Its Android app is currently available on Google Play. (source link)

ChainCatcher news, according to a letter signed by SBF's lawyer Mark Cohen, SBF's legal team and prosecutors have reached an agreement to modify the bail conditions regarding the former FTX CEO's use of electronic communications, allowing him to use various messaging applications, including FaceTime, Zoom, iMessage, text messages, emails, Facebook Messenger, and WhatsApp (where SBF's phone must have monitoring software installed to record WhatsApp messages).Previous reports indicated that a U.S. judge required SBF to be prevented from contacting current or former employees of FTX and employees of his trading company Alameda Research through means such as Signa, unless a lawyer is present or government permission is obtained. (CoinDesk)