A new wave of scams is targeting cryptocurrency holders. To trap investors, cybercriminals are relying on a feature of Zoom, the video conferencing service that became popular during the pandemic. As researchers at Trail of Bits discovered, the attackers abuse the service's remote control feature, which lets one participant take control of another participant's computer during a Zoom meeting once that participant accepts the request.
A Zoom call gone very wrong
It all starts with the sending of a fake invitation to a Bloomberg Crypto interview, either via email or through X's messaging system. The invitation appears to come from cryptocurrency journalists or official Bloomberg accounts. To fool the targets, the hackers use fake accounts and email addresses.
If the victim decides to join the Zoom interview, the attacker first gets the target to share their screen (Zoom's remote control can only be requested of a participant who is currently sharing). The scammer then quickly sends a remote control request while posing as Zoom itself: before the call, the attacker changes their Zoom display name to "Zoom." As a result, the target sees a prompt stating that "Zoom is requesting remote control of your screen," which is easy to mistake for an automated request from the video conferencing application rather than from another participant.
Once the target accepts the request, the attacker has control of the machine and can steal sensitive data, such as the private keys of crypto wallets. They can also transfer digital assets directly from the victim's computer to their own wallet, and they can install malware to keep access after the call ends.
A new gang behind the crypto assault
The researchers noted similarities between this type of attack and the Bybit hack, which resulted in the theft of $1.5 billion in cryptocurrency. That cyberattack, orchestrated by the North Korean group Lazarus, also relied on the manipulation of "legitimate workflows": the hackers tricked Bybit staff into approving a transaction that modified a cold wallet's smart contract, allowing Lazarus to drain the funds. However, the Zoom call scam is not the work of Lazarus. According to Trail of Bits, a newly emerged group it calls Elusive Comet is behind the attack, and its targets so far have been crypto investors.
The researchers recommend that people who "manage particularly sensitive data" or conduct "cryptocurrency transactions" uninstall Zoom from their computers as a security measure. For those who cannot do without it, the key point is that Zoom never requests remote control on its own: every such prompt comes from another participant, so it should be declined unless you deliberately asked a specific, verified person to take over your screen. Disabling the remote control option in Zoom's meeting settings removes the prompt entirely. Note that Jake Gallen, CEO of the NFT platform Emblem Vault, lost over $100,000 in crypto in one of these Zoom-based attacks.
Source: Trail of Bits