CyberSecurity news
Bill Toulas@BleepingComputer
A new wave of social-engineering attacks is targeting individuals and organizations in the cryptocurrency space, with the threat actor tracked as ELUSIVE COMET abusing a little-known Zoom feature to steal millions in cryptocurrency. The attacks leverage Zoom's remote control feature, which lets one meeting participant take over another participant's mouse and keyboard while that participant is sharing their screen (on macOS the feature depends on the Zoom client holding the Accessibility permission), to gain hands-on access to victims' computers during seemingly legitimate business calls. ELUSIVE COMET, identified by the Security Alliance (SEAL), has folded this feature into its social-engineering playbook, targeting members of the cryptocurrency community while impersonating venture capital firms, podcast hosts, and even Bloomberg Crypto representatives.
The attack begins with the attackers contacting potential victims through X (Twitter) direct messages or email and inviting them to a Zoom call, typically framed as a podcast appearance or an investment discussion. Once the victim starts sharing their screen, the attacker sends a remote control request, having first changed their own display name to "Zoom" so that the permission prompt reads as though it came from the Zoom client itself ("Zoom is requesting remote control of your screen") rather than from another participant. If the victim, often distracted by the conversation, clicks Approve, the attacker gains mouse and keyboard control of the machine and can install malware, exfiltrate sensitive data, or drain cryptocurrency wallets. One notable victim, Jake Gallen, CEO of the NFT platform Emblem Vault, reportedly lost more than $100,000 and control of his online accounts after his computer was compromised this way.
Security experts advise users to disable Zoom's remote control feature if they do not need it, or to remove the Zoom client's accessibility permissions altogether. Trail of Bits, a security research firm whose CEO was also targeted, recommends a layered defense: aggressive machine-learning prevention settings in endpoint protection, mandatory upgrades to the latest macOS release, hardware security keys for Google Workspace accounts, a company-wide password manager, and a preference for the browser-based Google Meet over the Zoom desktop client. Because the feature rides on the Accessibility permission on macOS, organizations can also deploy Privacy Preferences Policy Control (PPPC) profiles through their MDM to deny that permission to Zoom, so a remote control request cannot be granted even by a user who is tricked into approving it. This is not a vulnerability in Zoom in the usual sense; the feature works as designed, and the control that fails is the user's consent.
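The PPPC profile mentioned above, as an added example that is not code from Trail of Bits, Zoom, or any of the outlets listed below. It builds a .mobileconfig with the standard library's plistlib that denies the Accessibility service to the Zoom client, puts the weak setting (Allow) beside the hardened one (Deny) so the difference is visible, and includes an audit helper that reads a profile back and reports what it decides for a given bundle ID. The bundle identifier us.zoom.xos and the Team ID BJ4HAAB9B3 are assumptions to be confirmed on a real install with `codesign -dr - /Applications/zoom.us.app`; the `com.example` payload identifiers are placeholders.

```python
"""
Build a macOS PPPC (Privacy Preferences Policy Control) profile that denies
the Accessibility permission to the Zoom desktop client, so that a remote
control request cannot be granted even if a user clicks Approve.

Added example, not code from Trail of Bits or Zoom. Assumptions:
  - Zoom's bundle identifier is "us.zoom.xos" and its Apple Team ID is
    "BJ4HAAB9B3". Confirm both with:  codesign -dr - /Applications/zoom.us.app
    and paste the printed designated requirement into ZOOM_CODE_REQUIREMENT.
  - The profile is delivered by a user-approved MDM enrollment; PPPC payloads
    installed by hand are ignored by macOS.
"""
import plistlib
import uuid

ZOOM_BUNDLE_ID = "us.zoom.xos"   # assumed; verify with codesign
ZOOM_TEAM_ID = "BJ4HAAB9B3"      # assumed; verify with codesign
ZOOM_CODE_REQUIREMENT = (
    f'identifier "{ZOOM_BUNDLE_ID}" and anchor apple generic '
    'and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ '
    'and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ '
    f'and certificate leaf[subject.OU] = {ZOOM_TEAM_ID}'
)


def pppc_profile(bundle_id, code_requirement, allow_accessibility):
    """Return the profile as a dict.

    allow_accessibility=True is the weak setting (the client may be granted
    Accessibility, so remote control can work); False is the hardened one.
    """
    rule = {
        "Identifier": bundle_id,
        "IdentifierType": "bundleID",
        "CodeRequirement": code_requirement,  # binds the rule to Zoom's signature
        # "Allowed" is the original PPPC key; "Authorization" is the macOS 11+
        # form. Emitting both keeps the intent unambiguous across releases.
        "Allowed": allow_accessibility,
        "Authorization": "Allow" if allow_accessibility else "Deny",
        "Comment": "Zoom remote control depends on Accessibility on macOS",
    }
    tcc_payload = {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadIdentifier": f"com.example.pppc.zoom.{uuid.uuid4()}",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Zoom Accessibility policy",
        "Services": {"Accessibility": [rule]},
    }
    return {
        "PayloadType": "Configuration",
        "PayloadScope": "System",
        "PayloadIdentifier": "com.example.pppc.zoom",  # placeholder
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Deny Zoom Accessibility (blocks remote control)",
        "PayloadContent": [tcc_payload],
    }


def to_mobileconfig(profile):
    """Serialize the profile dict to XML plist bytes (.mobileconfig)."""
    return plistlib.dumps(profile)


def accessibility_decision(mobileconfig_bytes, bundle_id):
    """Audit helper: parse a .mobileconfig and return "Allow", "Deny", or
    None (no rule) for the given bundle ID's Accessibility service."""
    profile = plistlib.loads(mobileconfig_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.TCC.configuration-profile-policy":
            continue
        for rule in payload.get("Services", {}).get("Accessibility", []):
            if rule.get("Identifier") == bundle_id:
                # Prefer the newer key; fall back to the boolean.
                return rule.get("Authorization") or ("Allow" if rule.get("Allowed") else "Deny")
    return None


if __name__ == "__main__":
    hardened = to_mobileconfig(pppc_profile(ZOOM_BUNDLE_ID, ZOOM_CODE_REQUIREMENT, False))
    with open("deny-zoom-accessibility.mobileconfig", "wb") as f:
        f.write(hardened)
    print(accessibility_decision(hardened, ZOOM_BUNDLE_ID))  # Deny
```

Push the resulting file through the MDM as a device profile. The profile governs future grants; to clear a grant a user has already given, the usual step on the endpoint is `tccutil reset Accessibility us.zoom.xos`, after which the denial in the profile prevents it from being re-granted through the prompt.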
References :
- cyberinsider.com: Zoom’s Remote Control Feature Exploited in ELUSIVE COMET Attacks
- Cyber Security News: Zoom Remote Control Feature Exploited to Access Victims’ Computers—with Permission
- www.helpnetsecurity.com: The Zoom attack you didn’t see coming
- cyberpress.org: Zoom Remote Control Feature Exploited to Access Victims’ Computers—with Permission
- Cyber Security News: Hackers Leverage Zoom’s Remote Control Feature to Gain Users’ System Access
- Risky.Biz: Risky Bulletin: Zoom has a remote control feature and crypto thieves are abusing it (https://news.risky.biz/risky-bulletin-zoom-has-a-remote-control-feature-and-crypto-thieves-are-abusing-it/)
- ciso2ciso.com: CISO2CISO reports on North Korean Cryptocurrency Thieves Caught Hijacking Zoom
- BleepingComputer: Hackers abuse Zoom remote control feature for crypto-theft attacks (https://www.bleepingcomputer.com/news/security/hackers-abuse-zoom-remote-control-feature-for-crypto-theft-attacks/)
- www.scworld.com: Zoom Remote feature exploited in North Korean crypto theft operations
- The DefendOps Diaries: The 'Elusive Comet' Cyber Threat: A Deep Dive into Cryptocurrency Attacks
- SecureWorld News: Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists
- Graham Cluley: Smashing Security podcast #414: Zoom.. just one click and your data goes boom!
- Malwarebytes: Zoom attack tricks victims into allowing remote access to install malware and steal money
- www.itpro.com: Hackers are using Zoom’s remote control feature to infect devices with malware
- hackread.com: Hackers Use Zoom Remote-Control to Steal Crypto
- blog.trailofbits.com: Experts observed an ongoing Elusive Comet campaign targeting individuals interested in cryptocurrency through the remote control feature in Zoom.
- Smashing Security: Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is attempting to extend his life.
- The Register - Security: Elusive Comet is using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call.
Classification:
- HashTags: #ZoomSecurity #CryptoTheft #SocialEngineering
- Company: Zoom
- Target: Cryptocurrency Professionals
- Attacker: Elusive Comet
- Product: Zoom
- Feature: Remote Control
- Type: Hack
- Severity: Major