Fake VCs target crypto talent
Contents
In a new investigation, Moonlock Lab has been tracking a malware campaign targeting cryptocurrency and Web3 professionals. The threat actors operate through fabricated venture capital identities, engage victims on LinkedIn with tailored job or partnership offers, and funnel them toward spoofed video conferencing links—fake Zoom and Google Meet pages—that serve as the delivery mechanisms for malicious payloads.
What makes this campaign noteworthy is the convergence of several trends in modern threat operations: advanced social engineering, cross-platform payload delivery, and the adoption of the ClickFix technique, a method that weaponizes user trust by disguising malicious command execution as a routine browser verification step.
Moonlock Lab presents its full investigation, along with practical recommendations to help people protect themselves from the attack.
Key findings
Here’s a rundown of the full findings we’ll be discussing in this report:
- A coordinated malware campaign is targeting cryptocurrency professionals through LinkedIn social engineering, fake venture capital firms, and fraudulent video …
What makes this campaign noteworthy is the convergence of several trends in modern threat operations: advanced social engineering, cross-platform payload delivery, and the adoption of the ClickFix technique, a method that weaponizes user trust by disguising malicious command execution as a routine browser verification step.
Moonlock Lab presents its full investigation, along with practical recommendations to help people protect themselves from the attack.
Key findings
Here’s a rundown of the full findings we’ll be discussing in this report:
- A coordinated malware campaign is targeting cryptocurrency professionals through LinkedIn social engineering, fake venture capital firms, and fraudulent video …
IoC
http://zoom.uswe05.us
http://zoom.07usweb.us
http://hedgeweeks.online
http://goog1e.us-meet.com
http://zoom.07usweb.us/homepage/
http://breakdream.com
http://dreamdie.com
https://zoom.us05-web.us/ft?topic=s
http://supportzm.com
http://calendly.com/hureivemykhail/with-solidbit-meeting
http://anatollibigdasch0717atgmail.com
http://mylingocoin.com
http://cmailer.pro
http://zoom.us07-web.us
https://hedgeweeks.online/ft?id=<encoded_id
http://lumax.capital
http://zoom.us05-web.us
http://support-zoom.us
http://zmsupport.com
http://07usweb.us
http://us07-web.us
[email protected]
755cc133ae0519accbcfdd5f8f0d9fe1aa08cbcb306c3e5f29ebcb6ac12d9323
9a778d2b7919717e95072e4dec01c815a5fd81f574b538107652d73d8dc874b6
2fbd34eed9dbf57a44cf1540941fb43a793be27e13e937299167b2b67cb84d6b
http://zoom.07usweb.us
http://hedgeweeks.online
http://goog1e.us-meet.com
http://zoom.07usweb.us/homepage/
http://breakdream.com
http://dreamdie.com
https://zoom.us05-web.us/ft?topic=s
http://supportzm.com
http://calendly.com/hureivemykhail/with-solidbit-meeting
http://anatollibigdasch0717atgmail.com
http://mylingocoin.com
http://cmailer.pro
http://zoom.us07-web.us
https://hedgeweeks.online/ft?id=<encoded_id
http://lumax.capital
http://zoom.us05-web.us
http://support-zoom.us
http://zmsupport.com
http://07usweb.us
http://us07-web.us
[email protected]
755cc133ae0519accbcfdd5f8f0d9fe1aa08cbcb306c3e5f29ebcb6ac12d9323
9a778d2b7919717e95072e4dec01c815a5fd81f574b538107652d73d8dc874b6
2fbd34eed9dbf57a44cf1540941fb43a793be27e13e937299167b2b67cb84d6b