Hackers Exploit Zoom Remote Control Feature to Steal Cryptocurrency from Victims

Thursday, April 24, 2025

A threat group tracked as Elusive Comet has been identified running a social engineering campaign that abuses the Remote Control feature in Zoom to trick victims into handing over control of their computers. The group targets high-value cryptocurrency users, according to cybersecurity firm Trail of Bits, which noted that the group's methods resemble those used by Lazarus, the North Korean-linked threat actor behind the $1.5 billion Bybit crypto theft in February.

The scheme begins with fake interview invitations from people posing as representatives of Bloomberg Crypto, sent via fraudulent X (Twitter) accounts or email, requesting a Zoom meeting. The meeting links are booked through Calendly, a legitimate scheduling platform, which lends the invitation credibility. Once in the Zoom meeting, the attackers ask the victim to share their screen and then send a remote control request, having first changed their Zoom display name to "Zoom" so the permission prompt reads "Zoom wants to control your screen." The request therefore looks like a routine notification from the application itself rather than from another participant, and many victims approve it without suspicion.

Once control is granted, the attacker has the same keyboard and mouse access as a local user: they can read sensitive data, install malware, open files, or initiate cryptocurrency transactions while the call is still in progress, and they may also plant backdoors for later access. Trail of Bits warns that the danger of this attack lies in its use of legitimate tools and authentic-looking prompts rather than any software vulnerability. The firm advises organizations with a high security sensitivity, or those managing significant digital assets, to avoid installing the Zoom desktop application entirely and use the browser version instead. Where the desktop client is still required on macOS, it recommends deploying Privacy Preferences Policy Control (PPPC) profiles to deny Zoom the Accessibility permission that its remote-control feature depends on, so that a user cannot grant control even if they approve the prompt.

Source https://www.bleepingcomputer.com/news/security/hackers-abuse-zoom-remote-control-feature-for-crypto-theft-attacks/