Zoom remote control feature abused for crypto stealing cyberattacks

Zoom's usage lives up to its name (Image credit: Shutterstock)

  • Cybercriminals are inviting victims to talk to fake "journalists"
  • On the Zoom call, the victim is asked to approve a remote control request
  • Those who approve it lose their crypto

Hackers are abusing Zoom's remote control feature to steal people's cryptocurrency, experts have warned.

Cybersecurity researchers Trail of Bits say they have seen the attack in the wild. It focuses on "high-value targets," people the media often contact for comment and discussion on current events. The attackers reach out via social media (X, for example) and send a Zoom invite via Calendly, posing as Bloomberg journalists.

On the call, the attackers join with a display name of "Zoom" and request remote control of the victim's screen. Because Zoom builds the prompt from the requesting participant's name, the victim sees a popup reading "Zoom is requesting remote control of your screen", which, to someone used to granting permissions without thinking twice, looks like a legitimate request from the application itself rather than from a stranger in the meeting.

Elusive Comet

"What makes this attack particularly dangerous is the permission dialog's similarity to other harmless Zoom notifications," Trail of Bits said.

"Users habituated to clicking 'Approve' on Zoom prompts may grant complete control of their computer without realizing the implications."

Once access is granted, the attackers move fast: they deploy a stealthy backdoor or another means of retaining access, then disconnect from the call.

The final step is to use that access to reach the victim's cryptocurrency wallets and siphon out any funds found inside.


The researchers named the group "Elusive Comet" and said its methodology appears to be borrowed from Lazarus, the infamous North Korean state-sponsored group that targets crypto businesses.

"The ELUSIVE COMET methodology mirrors the techniques behind the recent $1.5 billion Bybit hack in February, where attackers manipulated legitimate workflows rather than exploiting code vulnerabilities," Trail of Bits said in its report.

To mitigate the risk, do not grant remote control to anyone on a call unless you initiated the session and are certain who is on the other end. A participant's display name in Zoom is chosen by that participant, so a request apparently from "Zoom" is no evidence that the application itself is asking; read the prompt as coming from a person. Organizations that do not need the feature can turn remote control off in Zoom's account settings, and on macOS the feature only works if Zoom has been granted Accessibility permission, which can be withheld or revoked.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
