- Cybercriminals are inviting victims to speak with "journalists"
- During the Zoom call, victims are asked to grant remote access permission
- Those who grant the permission lose their crypto
Hackers are abusing Zoom's remote control feature to steal people's cryptocurrency, experts have warned.
Cybersecurity researchers at Trail of Bits say they have seen the attack in the wild, focused on "high-value targets": people whom the media often contact for comment and discussion of current events. The attackers reach out through social networks (X, for example) and send the target a Zoom invitation through Calendly, posing as Bloomberg journalists.
In the Zoom meeting, the attackers join with an account named "Zoom" and request remote control of the victim's screen. The victim sees a pop-up window saying "Zoom is requesting remote control of your screen", which, to someone accustomed to granting permissions without thinking twice, can look like a legitimate request from a legitimate application.
Elusive Comet
"What makes this attack particularly dangerous is the similarity of the permission dialog with other harmless Zoom notifications," said Trail of Bits.
"Users accustomed to clicking 'Approve' in Zoom prompts can give complete control of their computer without realizing the implications."
Once access is granted, the attackers move quickly: they deploy a stealthy backdoor or another means of retaining access, and then disconnect from the call.
The final step is to use the malware to reach the victim's cryptocurrency wallets and siphon off the funds inside.
The researchers named the group "Elusive Comet" and said its methodology is probably copied from Lazarus, the infamous North Korean state-sponsored group that targets cryptocurrency businesses.
"The Elusive Comet methodology reflects the techniques behind the recent $1.5 billion Bybit hack in February, where the attackers manipulated legitimate workflows instead of exploiting code vulnerabilities," said Trail of Bits in its report.
To mitigate the risk, it is best not to grant remote access to any person or application unless you are 100% sure the requester is benign.
Via BleepingComputer