Hackers abuse Zoom remote control feature for crypto-theft attacks

A hacking group dubbed 'Elusive Comet' targets cryptocurrency users in social engineering attacks that exploit Zoom's remote control feature to trick users into granting them access to their machines. Zoom's remote control feature allows meeting participants to take control of another participant's computer. According to cybersecurity firm Trail of Bits, which encountered this social engineering campaign, the perpetrators mirror techniques used by the Lazarus hacking group in the massive $1.5 billion Bybit crypto heist. "The ELUSIVE COMET methodology mirrors the techniques behind the recent $1.5 billion Bybit hack in February, where attackers manipulated legitimate workflows rather than exploiting code vulnerabilities," explains the Trail of Bits report. Zoom-based interview scheme Trail of Bits learned of this new campaign after the threat actors attempted to conduct the social engineering attack on its CEO via X direct messages. The attack starts with an invitation to a "Bloomb ... Read full article.