Slow Mist: Be wary of phishing attacks disguised as Zoom meeting links, which will trigger the download of malicious installation packages

SlowMist tweeted to alert users to phishing attacks disguised as Zoom meeting links, in which attackers use the domain name of "app [.] us4zoom [.] us" to impersonate legitimate Zoom meeting links. The webpage closely mimics the real Zoom meeting interface. When users click the "Start Meeting" button, it triggers the download of malicious installation packages. Instead of launching the local Zoom client side, hackers collect user data and decrypt it to steal sensitive information such as mnemonic words and private keys. These attacks often combine social engineering and Trojan horse techniques.