Hackers Exploit Zoom Remote Control for Crypto Theft

Elusive Comet Targets Crypto Traders via Zoom

The hacking group Elusive Comet exploits Zoom’s remote control feature to infiltrate cryptocurrency traders’ systems. Posing as venture capitalists, they lure victims into Zoom meetings and request remote access, leading to malware installation and theft of crypto assets.

This sophisticated scheme showcases the growing threat to crypto traders, emphasizing the need for enhanced vigilance and careful scrutiny of any Zoom invitations, especially from unfamiliar contacts.

North Korean Hackers Behind Crypto Heists?

Attribution of the Elusive Comet campaign points to North Korean threat actors. Their sophisticated social engineering tactics and use of legitimate platforms like Zoom mirror previous operations associated with North Korea’s Lazarus Group.

Crypto investors must remain extra cautious when dealing with unfamiliar individuals or receiving unsolicited meeting invitations, as these scams often use highly persuasive tactics to gain trust and install malware.

Zoom’s Remote Control Feature Abused

Zoom’s remote control feature, designed for collaboration, is being exploited by cybercriminals. Victims unknowingly grant remote access during Zoom calls, allowing attackers to install malware and exfiltrate sensitive information.

Users are often unaware that they’re granting access to cybercriminals, thinking they’re simply sharing their screen. To stay safe, always verify the legitimacy of the meeting host and disable remote control unless absolutely necessary.

Phishing Emails Lure Victims into Calls

Attackers initiate contact through phishing emails, impersonating media representatives or venture capitalists. These emails contain links to fake Zoom meetings, where victims are prompted to share their screen and grant remote access.

Once access is granted, they can steal sensitive data or install malware. Always verify the source of Zoom invitations and avoid clicking links in unsolicited emails, especially if they promise urgent business opportunities.

Zoom Scams Hit Crypto Industry

Cybercriminals offer fake media opportunities, such as podcast interviews, to entice cryptocurrency professionals. Once the victim agrees, they are invited to a Zoom call where remote control access is requested under the guise of collaboration.

These scams often prey on ambitious individuals looking to expand their exposure, emphasizing the importance of scrutinizing unexpected invitations. If in doubt, directly confirm the authenticity of the opportunity with the organization or individual inviting you.

Malware Installed Post Remote Access

After gaining remote access, attackers install information-stealing malware or remote access trojans (RATs) on the victim’s device.

These malicious programs can exfiltrate sensitive data or allow future unauthorized access. Crypto traders and investors must use endpoint security software and always be cautious about granting remote access, even in seemingly professional contexts.

Scammers Build Trust to Break It

The Elusive Comet group employs advanced social engineering tactics, including creating fake identities and establishing a credible online presence. This approach increases the likelihood of victims trusting and engaging with their schemes.

Awareness of these sophisticated tactics is crucial; always verify any contact or meeting request, especially when the invitation seems too good to be true or comes from an unfamiliar source.

Zoom’s Display Name Feature Misused

Attackers manipulate Zoom’s display name feature, changing their name to “Zoom” to make remote control requests appear as system notifications. This tactic exploits the victim’s trust in the platform’s interface.

Before granting remote access, always confirm the identity of the individual requesting it, even if the request looks like it’s coming from Zoom’s own system. Don’t be fooled by false appearances.
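One way a host or a security team reviewing a participant list could flag this display-name trick, as an added example that is not from the original article. The reserved-name set, the look-alike character map and the roster are all constructed assumptions, and the check does not call any Zoom API.

```python
import re
import unicodedata

# Assumption: labels no participant should carry, because they read like the
# meeting client's own system prompts.
RESERVED = {"zoom", "zoom system", "zoom support", "zoom meetings"}

# Small constructed map of look-alike characters. A production check would
# use the full Unicode confusables data instead.
LOOKALIKES = str.maketrans({
    "\u043e": "o",  # Cyrillic small o
    "\u03bf": "o",  # Greek small omicron
    "\u043c": "m",  # Cyrillic small em
    "0": "o",       # digit zero used as a letter
})


def normalize(name: str) -> str:
    """Reduce a display name to a canonical form for comparison."""
    s = unicodedata.normalize("NFKC", name)  # folds full-width letters etc.
    # Drop invisible format characters such as zero-width spaces.
    s = "".join(ch for ch in s if unicodedata.category(ch) != "Cf")
    s = s.casefold().translate(LOOKALIKES)
    # Collapse punctuation and whitespace so "Zoom (System)" == "zoom system".
    return re.sub(r"[^a-z0-9]+", " ", s).strip()


def impersonates_platform(name: str) -> bool:
    """True when the display name normalizes to a reserved platform label."""
    return normalize(name) in RESERVED


def flag_roster(roster):
    """Return the display names in a roster that should be treated as suspect."""
    return [name for name in roster if impersonates_platform(name)]


# Constructed participant list for illustration.
SAMPLE_ROSTER = [
    "Dana Whitfield", "Zoom", " ZOOM ", "Z\u043e\u043em", "Zo\u200bom",
    "Z00m", "\uff3a\uff4f\uff4f\uff4d", "Zoom (System)", "Zoe Moore",
]

if __name__ == "__main__":
    for suspect in flag_roster(SAMPLE_ROSTER):
        print("suspicious display name:", repr(suspect))
```
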

Why Firewalls Can’t Stop Elusive Comet

Elusive Comet’s attack strategy bypasses traditional cybersecurity measures by exploiting user behavior, rather than software vulnerabilities. This makes it harder for technical defenses like firewalls or anti-malware software to detect the threat.

By using social engineering, attackers manipulate victims into granting remote access, which is far more difficult to guard against. Users must be aware that technical defenses alone are not enough; human vigilance is key in protecting against such attacks.

Zoom’s Remote Control Feature Explained

Zoom’s remote control feature allows one participant to control another’s screen during a meeting. While useful for collaboration, it can be exploited by malicious actors if users unknowingly grant access.

Users should know how to disable this feature when it is not needed, so that it is used only for legitimate purposes and cannot be abused for unauthorized access.

Even Experts Aren’t Immune to Scams

Cybersecurity firm Trail of Bits encountered Elusive Comet’s tactics firsthand when their CEO was targeted with a fake interview invitation. Recognizing the signs of a social engineering attack, they reported the incident.

This highlights the importance of awareness in the cybersecurity community. The encounter also led to further research into defending against these types of attacks, providing valuable insights into how these scams operate and how to prevent them.

Zoom’s Security Measures Under Scrutiny

Zoom has faced criticism over security lapses, including vulnerabilities that allowed unauthorized access to meetings. The company has since implemented measures to enhance security, but challenges remain.

Users must remain cautious and avoid granting remote control unless absolutely necessary. Enabling features like waiting rooms and restricting meeting access can also help prevent unwanted intrusions.

Remote Access Scam Drains Wallets

The ultimate goal of these Zoom remote control scams is to steal cryptocurrency. Once attackers gain access, they can transfer funds from victims’ wallets to their own accounts. These attacks can result in significant financial loss, as cryptocurrency transactions are often irreversible.

Crypto traders and investors must stay vigilant by regularly monitoring their wallets, using hardware wallets for storage, and only trusting verified platforms when conducting transactions.

Zoom’s Role in Remote Collaboration

Zoom’s remote control feature facilitates remote collaboration by allowing users to share control of their screen. However, when misused, it can lead to unauthorized access and data theft.

Always verify who is requesting remote control and use features like two-factor authentication to enhance security during virtual meetings, reducing the risk of unauthorized access.

Preventative Measures for Users

Users can protect themselves by being cautious of unsolicited Zoom invitations, verifying the identity of meeting hosts, and avoiding granting remote control unless absolutely necessary.

Enable Zoom’s security features, like requiring a password for entry and disabling remote control by default. Additionally, educate yourself about common phishing tactics and always scrutinize emails or meeting links, especially if they come from unknown sources or seem too good to be true.

Ongoing Threat to Cryptocurrency Community

The Elusive Comet campaign continues to pose a significant threat to the cryptocurrency community. Ongoing vigilance and awareness are crucial to preventing further incidents of crypto theft via Zoom’s remote control feature.

Regular security audits, awareness training, and updated defenses are essential to mitigating these evolving risks and protecting sensitive crypto assets from exploitation.
