

Microsoft Entra Account Lockouts Triggered by Token Logging Error
April 22, 2025
SuperCard X Malware Exploiting NFC for Financial Fraud – Active IOCs
April 23, 2025
Severity
High
Analysis Summary
A new cyberattack method targets cryptocurrency users by exploiting Zoom's remote-control feature. A hacking group named 'Elusive Comet' is behind these attacks, using social engineering to trick users into giving them access to their computers.
The attack begins with a fake invitation to a Zoom interview, often claiming to be from reputable sources like Bloomberg Crypto. These invitations are sent through social media or email, including links to schedule the meeting via Calendly.
During the Zoom call, the attacker shares their screen and sends a remote-control request. To deceive the victim, the attacker changes their display name to "Zoom," making the request seem like it's coming from the application itself. If the victim approves the request, the attacker gains full control over their computer.
With this access, the attacker can steal sensitive information, install malware, and even initiate cryptocurrency transactions. They may also install backdoors to maintain access to the system. This method is dangerous because the remote-control request closely resembles a standard Zoom notification, so users may approve it without realizing the risk.
Impact
- Gain Access
- Sensitive Data Theft
- Financial Loss
Remediation
- Disable the remote-control feature in Zoom settings to prevent others from taking control of your screen.
- Implement system-wide policies that restrict accessibility permissions required for remote control, particularly on macOS systems.
- Use browser-based versions of Zoom instead of the desktop client in high-security environments to reduce potential vulnerabilities.
- Verify the identity of meeting participants before granting any control or access during a Zoom session.
- Regularly update Zoom and operating systems to ensure the latest security patches are applied.
- Limit the use of Zoom for sensitive operations and consider alternative communication tools with stricter security controls.
- Monitor for unusual activity during Zoom sessions, such as unexpected prompts or requests for control.
- Establish clear organizational policies regarding the use of remote-control features and enforce them consistently.
- Stay informed about emerging threats and adjust security practices accordingly to protect against new attack vectors.
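As an added example (not part of the advisory), a small shell audit for the macOS hardening point above: remote control in the Zoom desktop client depends on the Accessibility grant, so listing which apps currently hold that grant shows whether the policy is actually in force. The TCC database path, the auth_value semantics (2 = allowed on macOS 11 and later) and Zoom's bundle ID us.zoom.xos are assumptions of this example, and the rows used for checking are constructed.

```shell
#!/bin/sh
# Audit macOS Accessibility (kTCCServiceAccessibility) grants.
# Assumptions (not from the advisory): system TCC database location,
# auth_value 2 meaning "allowed" (macOS 11+), Zoom bundle ID us.zoom.xos.
TCC_DB="/Library/Application Support/com.apple.TCC/TCC.db"
WATCH_CLIENTS="us.zoom.xos"

# Read "client|auth_value" rows on stdin; print the clients whose grant is allowed.
flag_accessibility_grants() {
    while IFS='|' read -r client auth_value; do
        [ -z "$client" ] && continue
        if [ "$auth_value" = "2" ]; then
            printf '%s\n' "$client"
        fi
    done
}

# Return 0 if any watched bundle ID appears in the flagged clients read from stdin.
watched_client_granted() {
    while read -r client; do
        for w in $WATCH_CLIENTS; do
            [ "$client" = "$w" ] && return 0
        done
    done
    return 1
}

# Query the live TCC database (needs root and Full Disk Access for the shell).
query_tcc_accessibility() {
    sqlite3 "$TCC_DB" \
      "SELECT client, auth_value FROM access WHERE service='kTCCServiceAccessibility';"
}

main() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root to read $TCC_DB" >&2
        return 2
    fi
    granted=$(query_tcc_accessibility | flag_accessibility_grants)
    printf '%s\n' "$granted"
    if printf '%s\n' "$granted" | watched_client_granted; then
        echo "WARNING: a watched client holds Accessibility; remote control is possible" >&2
        return 1
    fi
    return 0
}

# Only run the live query when saved and executed as tcc_audit.sh.
case "$0" in *tcc_audit.sh) main ;; esac
```

Save the block as tcc_audit.sh and run it with sudo; a non-zero exit means a watched client such as Zoom still holds the Accessibility grant.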