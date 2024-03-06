Here’s one more reason to cancel the Zoom meeting.

Last week, Brian Krebs from KrebsOnSecurity reported how malicious hackers are seizing on an everyday hybrid work challenge: a problem with the videoconference link.

The cagey tactic reveals a sought-after target—crypto—and the crafty way bad actors get it, by building trust through interaction and trusted tools.

What happened: KrebsOnSecurity reported a fake investor, whose Telegram profile showed he was connected to a well-established investment firm in Singapore, reached out to set up an appointment with a target, a pro “in the cryptocurrency scene” (Krebs calls him “Doug”). Doug sent an invite via scheduling platform Calendly. On the day of the meeting, after Doug’s meeting link didn’t work, the “investor” claimed to have problems with the link, and instead offered a different teleconference option, which led Doug to download a script, which executed malicious code on his macOS system.

Crypto crypto crypto: A December 2023 post from cryptocurrency security firm SlowMist, which Krebs cited in his Feb. 28 post, demonstrated similar tactics from North Korea affiliated hackers known as the Lazarus Group: impersonating investment institutions, targeting DeFi teams, and sending trojan links to supposedly solve videoconference problems.

“After establishing communication, the hackers try to convince the team to download a script, falsely claiming it’s necessary for setting up a meeting,” the SlowMist post read.

“Lazarus Group is the primary hacking group that we see attacking the crypto platform,” Erin Plante, VP of investigations at Chainalysis, told IT Brew recently.

From January 2020 to February 2024, scammers got away with a total of $75.3 billion in stolen crypto, according to a new report from University of Texas at Austin. The study cites a particular trust-building, long-game scam known frequently and harshly as “pig butchering,” which refers to farmers fattening up animals for slaughter.

Impersonation-ally: Not satisfied with just sending an email, malicious hackers continue to deploy personal tactics that establish trust—posing as couriers and customer-service reps, as well as crypto investors. Not falling for the phishing lures and impersonators calls for a less technical, more skeptical approach:

“A good rule of safety to live by is this: If you didn’t go looking for it, don’t install it,” Krebs advised.