Source: http://www.bee.com/ar/37762.html

How did a fake zoom link successfully steal 1M funds? | Bee Network

Analysis | 1 year ago (2024) | وايت

When I woke up in the morning, I saw several WeChat groups spreading the news that @lsp8940 encountered a fake Zoom link and 1M USD was stolen ( https://x.com/lsp8940/status/1871350801270296709 ). This reminded me that I encountered a similar thing on the 18th. At that time, a foreigner sent me a private message asking for cooperation. We communicated several times and then made an appointment to chat in a Zoom meeting at 9 pm. When the time came, the foreigner sent me a link to a conference room, as shown below

https://app.us4zoom.us/j/8083344643?pwd= seyuvstpldar 6ugeEtcGGury 936 qBCQr #success

(Important reminder, this is a phishing link, don't click! Don't click! Don't click!)

I felt a little strange when I saw this link. The domain name was us4zoom, which looked a bit irregular, but I had never used Zoom before so I was not sure. Then I searched on Google and Perplexity and found that the official website was zoom.us, which did not match the domain name given by the scammer.
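The same comparison can be done mechanically before opening a meeting link. The sketch below is an added example, not part of the original article; it assumes zoom.us is the only domain treated as official (the result of the search described above), and the URLs other than the scammer's host are constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: zoom.us is the only official domain,
# as found by the search described in the article.
OFFICIAL_DOMAINS = {"zoom.us"}

def meeting_host(url: str) -> str:
    """Return the lowercase hostname the browser would actually connect to."""
    host = urlsplit(url.strip()).hostname or ""
    return host.rstrip(".").lower()

def is_official(url: str) -> bool:
    """True only for https links whose host is an official domain or a subdomain of one."""
    if urlsplit(url.strip()).scheme != "https":
        return False
    host = meeting_host(url)
    # Compare on a label boundary: "us4zoom.us" merely ends in the text "zoom.us".
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

# Constructed test links, except the first, whose host is the one from the article.
CHECKS = {
    "https://app.us4zoom.us/j/8083344643": False,       # look-alike registered domain
    "https://us04web.zoom.us/j/1234567890": True,       # subdomain of zoom.us
    "https://zoom.us.example.com/j/1234567890": False,  # official name used as a prefix
    "https://zoom.us@example.com/j/1234567890": False,  # official name in the userinfo part
    "http://zoom.us/j/1234567890": False,               # not https
}

if __name__ == "__main__":
    for url, expected in CHECKS.items():
        print(f"{is_official(url)!s:5}  {meeting_host(url):22}  {url}")
```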

The link provided by the scammer will download an installation package. The downloaded file is a bit small and is much smaller than the normal installation package size, as shown below

When you open the fake Zoom installation package, you will find an obvious problem. Normal software installation basically asks you to click Continue all the way, and then the installation is completed. For example, the interface of the real Zoom installation package is as shown in the figure

The installation interface of the fake Zoom installation package is as follows

What the hell is this? Why do they ask us to drag the Zoom.file file into the terminal to execute it? This is obviously a problem. I opened Zoom.file with a text editor and found that it was a bash script, but I couldn't understand the content at all. It looked like it was encrypted.

But I was not afraid. I threw the entire content to GPT and asked GPT to help me analyze the script.

GPT told me that this code was hidden by base64 encoding. After decoding, I found that the main function of this script is to copy the Trojan file .ZoomApp from the installation package to the /tmp directory for execution. Because this Trojan file is hidden, it is not visible by default.
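The decoding step can also be done locally, treating the script purely as data so nothing in it ever runs. The following is an added example, not the author's tooling: the sample script is constructed to mimic the behaviour described above (it is not the real Zoom.file), and the indicator names and the 24-character threshold are assumptions.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hide a command (threshold is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

# Behaviours the article describes: a hidden (dot) file staged under /tmp and run.
INDICATORS = {
    "hidden_file_in_tmp": re.compile(r"/tmp/\.[\w.-]+"),
    "copies_file": re.compile(r"\bcp\b"),
    "makes_executable": re.compile(r"\bchmod\s+\+x\b"),
    "pipes_to_shell": re.compile(r"\|\s*(ba)?sh\b"),
}

def decode_layers(text, max_depth=5):
    """Decode embedded base64 blobs as data only; nothing is ever executed."""
    layers = [text]
    for _ in range(max_depth):
        decoded = []
        for blob in B64_RUN.findall(layers[-1]):
            try:
                raw = base64.b64decode(blob, validate=True)
                decoded.append(raw.decode("utf-8"))
            except (binascii.Error, UnicodeDecodeError):
                continue  # not base64-encoded text, e.g. a long identifier
        if not decoded:
            break
        layers.append("\n".join(decoded))
    return layers

def triage(script_text):
    """Report how many layers were peeled and which indicators appear in any layer."""
    layers = decode_layers(script_text)
    hits = sorted(name for name, rx in INDICATORS.items()
                  if any(rx.search(layer) for layer in layers))
    return {"layers": len(layers), "indicators": hits, "decoded": layers[1:]}

# Constructed sample standing in for Zoom.file (not the real script).
_INNER = 'cp "$(dirname "$0")/.ZoomApp" /tmp/.ZoomApp; chmod +x /tmp/.ZoomApp; /tmp/.ZoomApp'
SAMPLE = '#!/bin/bash\necho "%s" | base64 -d | bash\n' % base64.b64encode(_INNER.encode()).decode()

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["layers"], report["indicators"])
    for layer in report["decoded"]:
        print(layer)
```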

The analysis of this Trojan file is beyond my ability, and GPT cannot provide practical help. This part of the analysis needs to be picked up by professional security personnel. However, it can be speculated that this Trojan will scan for key files to upload, such as the local files of the browser plug-in wallet. I remember that in 2021, the private key could be recovered from the local files of MetaMask, provided that the set password is known or brute-force cracking is used.

We can draw several conclusions from this incident:

1. The scammers are casting a wide net. @cutepanda web3 also tweeted today that he encountered the same scam.

2. This is the same scammer. From @lsp8940's replay tweet, we can see that the fake Zoom meeting links we both received are exactly the same.

https://x.com/lsp8940/status/1871426071499100630

3. Be cautious about private messages from strangers on Twitter, especially if the stranger has never tweeted and your mutual friends don't follow him.

4. Try to set the browser plug-in wallet password to be more complex, so that when the browser plug-in file is leaked, it will increase the difficulty of cracking.

Safety is no small matter, I hope everyone will avoid falling into traps.
