Zoom Remote Control Feature Abused for Crypto Stealing Cyberattacks
Experts have warned that hackers are exploiting Zoom's remote control feature to steal people's cryptocurrency in a series of sophisticated cyberattacks. Trail of Bits, a cybersecurity research firm, has confirmed the attacks and attributed them to a group called "Elusive Comet," whose tactics mirror those of the notorious North Korean state-sponsored group Lazarus.
According to the researchers, Elusive Comet targets high-value individuals who are often approached for interviews and discussions on current events. The attackers reach out to their victims on social media platforms such as X, pretend to be Bloomberg journalists, and send them a Zoom invite via Calendly. On the Zoom call, the attackers join with an account named "Zoom" and request remote control of the victim's screen.
The victim receives a popup notification asking for permission to grant remote control of their screen. Because the prompt closely resembles other harmless Zoom notifications, users who are used to approving such dialogs without questioning them may grant it without a second thought, and that familiarity is what makes the attack particularly dangerous.
The Attack Process
Once the access is granted, the attackers move quickly to deploy a stealthy backdoor or other means of retaining access to the victim's computer. They then disconnect from the call and use the malware to access the victim's cryptocurrency wallets and siphon out any funds found inside.
A Pattern of Similarity
"The ELUSIVE COMET methodology mirrors the techniques behind the recent $1.5 billion Bybit hack in February, where attackers manipulated legitimate workflows rather than exploiting code vulnerabilities," said Trail of Bits. This pattern of manipulation and exploitation is a hallmark of Lazarus's tactics.
Preventing Future Attacks
To mitigate the risk of such attacks, it is essential to exercise caution when granting people or apps remote access. Be completely certain that the person or app is benign before doing so.
"The best way to prevent falling victim to this type of attack is to not grant anyone remote control of your screen without verifying their identity first," said [Sead, a seasoned freelance journalist]. "It's always better to err on the side of caution when it comes to online security."
Protecting Yourself
To protect yourself from such attacks, consider using reputable cybersecurity platforms like Keeper. Keeper is a cybersecurity platform that offers features like zero-knowledge encryption, two-factor authentication, dark web monitoring, secure file storage, and breach alerts to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
Keeper Personal is available for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month. By using a platform like Keeper, you can significantly reduce the risk of falling victim to such attacks.
"Preferred partner" means that the platform has a partnership or affiliation with another company, in this case, Keeper.