Crypto Scam Alert: Fake Meeting Links, Malware Attacks, and Wallet Drains—Essential Security Defenses for Traders

A dual-phase crypto scam campaign is targeting traders and investors with malware and social engineering tactics. Initially, scammers distributed cracked, malware-infected TradingView Premium software on forums and Reddit, using trojans like Lumma Stealer and Atomic Stealer (AMOS) to steal passwords, two-factor authentication details, and crypto wallet credentials from both Windows and Mac users. Attackers then impersonated victims to spread phishing links, increasing their reach and resulting in significant wallet drains. The latest wave of attacks shifts to fake meeting invites, often disguised as legitimate Zoom links sent via Calendly or email. Posing as investors or media, scammers convince victims to download trojans such as Lumma Stealer, RedLine, or IcedID. These steal private keys, credentials, and session cookies for platforms like Telegram and Google, enabling attackers to drain crypto assets (e.g., BTC and TON) and hijack accounts for further abuse. Attackers may also exploit meeting features, like screen sharing, to gain remote control and accelerate asset theft. Victims are urged to disconnect compromised devices, revoke active sessions, move digital assets to new hardware wallets, re-authenticate accounts, and monitor blockchain or exchange activity. The article outlines six robust security recommendations: isolate devices used for meetings, download only from official sites, verify meeting URLs (use .zoom.us domain), never grant unauthorized remote access or share sensitive wallet data, keep hot and cold wallets separate, and enable two-factor authentication for all accounts. This evolving scam trend emphasizes that modern threats rely more on sophisticated social engineering than technical exploits, making vigilant security habits crucial for safeguarding digital assets and trading accounts.