Golden Finance reported that Slow Mist tweeted to remind users to be wary of phishing attacks disguised as Zoom meeting links. The attacker used the domain name "app[.]us4zoom[.]us" to pretend to be a legitimate Zoom meeting link. The webpage is very imitative. In the real Zoom meeting interface, when the user clicks the "Start Meeting" button, it will trigger the download of the malicious installation package instead of starting the local Zoom. Client-side, hackers collect user data and decrypt it to steal sensitive information such as mnemonic phrases and private keys. These attacks often combine social engineering and Trojan horse techniques.