Hackers are using Zoom to spread malware and take over PCs — here’s how to stay safe

[Image: Zoom down (Image credit: Shutterstock)]

The Security Alliance has issued an alert warning high-profile users about a new criminal group that is using Zoom to trick users into granting remote access so that it can install malware.

Once the malware (a remote access trojan, or RAT) is installed, the attackers can steal funds from cryptocurrency wallets and take over accounts or other assets.

The group, dubbed ELUSIVE COMET and also known to operate as Aureon Capital, Aureon Press and The OnChain Podcast, has built a carefully engineered backstory and a history of accounts to persuade targets to accept its requests, including active social media accounts that impersonate real people with legitimate credentials, and polished websites.

The group typically approaches victims with media opportunities to get them interested, then sets up a Zoom meeting.

During the Zoom video call, the attackers keep their own screens switched off and then send a remote control request with their display name changed to ‘Zoom’, so that it appears as though the app itself is requesting control of the system.

Anyone who is rushed, distracted or less tech-savvy may assume the request is legitimate and accept it, at which point the attacker has full control of the victim’s system.

According to reports, two recent attempts involved attackers approaching CEOs on X and then using a third-party booking system. The attackers created fake accounts with a history of posts and videos, YouTube channels and an audience, which convinced one of the victims to agree to an interview; during the call, digital assets were stolen from the victim’s Bitcoin and Ethereum wallets, and their Gmail, Twitter (X) and other accounts were taken over.

The other potential target noticed that some of the branding across the accounts was inconsistent and backed out after reading the information gathered on the group in the Security Alliance advisory. Even so, the group has gone to great lengths to create a sense of legitimacy and convince its targets to agree to Zoom calls.

How to stay safe

Don’t accept Zoom calls from people you don’t know, and when you do use Zoom, disable the remote control functionality entirely.

Another way to stay safe is to avoid the Zoom desktop app and instead use the browser version when possible, which limits functionality, including by not allowing remote control of the system. Zoom offers this option when you attempt to join a meeting without opening the app.

The Security Alliance also recommends that users perform due diligence when receiving an offer or request from unknown individuals, to ensure they are communicating with a legitimate profile and not an impersonator, and that all video calls take place over trusted platforms such as Zoom, Google Meet or Microsoft Teams.

Always make sure your antivirus software is up to date, and if you have additional online protection tools such as a VPN, a hardened browser or a password manager, make sure those are set up as well. Those extra steps can make a difference in protecting your accounts if there is ever a malware infection or a breach.


Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
