Subj : Zoom remote control feature abused for crypto stealing cyberattac
To : All
From : TechnologyDaily
Date : Wed Apr 23 2025 13:30:09

Zoom remote control feature abused for crypto stealing cyberattacks

Date: Wed, 23 Apr 2025 12:28:00 +0000

Description: Hackers are impersonating both Bloomberg and Zoom in a brand new social engineering attack.

FULL STORY
======================================================================

- Cybercriminals are inviting victims to talk to "journalists"
- On the Zoom call, they're asked to grant permissions for remote access
- Those that grant the permissions lose their crypto

Hackers are abusing Zoom's remote desktop feature to steal people's cryptocurrency, experts have warned.

Cybersecurity researchers at Trail of Bits say they have seen the attack in the wild, aimed at high-value targets: people the media would often contact for comment and discussion on everyday events.

The attackers would reach out via social media (X, for example) and send the targets a Zoom invite via Calendly, pretending to be Bloomberg journalists. On Zoom, the attackers would join with an account named Zoom and request remote control over the victim's account.

The victims would see a popup saying "Zoom is requesting remote control of your screen" which, for those used to granting permissions without thinking twice, might seem like a legitimate request from a legitimate app.

Elusive Comet

"What makes this attack particularly dangerous is the permission dialog's similarity to other harmless Zoom notifications," Trail of Bits said. "Users habituated to clicking "Approve" on Zoom prompts may grant complete control of their computer without realizing the implications."

Once access is granted, the attackers would move fast, deploy a stealthy backdoor or other means of retaining access, and then disconnect from the call. The last step is to use the malware to access the victim's cryptocurrency wallets and siphon out any funds found inside.

The researchers named the group Elusive Comet and said the methodology is most likely copied from Lazarus, the infamous North Korean state-sponsored entity that targets crypto businesses.

"The ELUSIVE COMET methodology mirrors the techniques behind the recent $1.5 billion Bybit hack in February, where attackers manipulated legitimate workflows rather than exploiting code vulnerabilities," Trail of Bits said in its report.

To mitigate the risk, it would be best not to grant people or apps remote access, unless you're 100% certain the person is benign.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/zoom-remote-control-feature-abused-for-crypto-stealing-cyberattacks

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)