Monday, June 15, 2026

Cybersecurity Advisory: Attack Using Zoom’s Remote Control?

The coronavirus crisis caused a significant increase in the use of remote meeting platforms like Zoom. In turn, cyber criminals are showing increasing interest in these platforms and are using them to deceive and infect people. A newly discovered cyberattack campaign is exploiting Zoom’s remote control feature to break into the systems of cryptocurrency traders and venture capitalists. The campaign, named ‘Elusive Comet’, uses advanced social engineering to trick users into allowing remote access during Zoom meetings. This results in the installation of infostealer malware and unauthorized access to confidential data. Let’s look at how the attackers are exploiting Zoom’s remote control feature, according to the cybersecurity advisory.

How Does the Attack Work?

The remote control feature in Zoom is designed to let meeting participants share control of another participant’s system during a session. However, it has become a new target for hackers. The attack unfolds in four steps:

Legitimate-Looking Meeting Setup: Attackers schedule a real-looking business call, often pretending to be legitimate contacts or colleagues.

Remote Control Request: During screen-sharing, the attackers request remote control access, a request that is common in collaborative Zoom meetings.

Display Name Trickery: The attacker changes their Zoom display name to “Zoom”, which makes the permission prompt look like a routine system notification.

Malware Installation: After gaining access, the criminals can install malware, steal confidential passwords, or manipulate sensitive data, establishing a stealthy backdoor for continued access.

What makes this attack harmful is the permission dialog’s resemblance to benign Zoom notifications. Users who are used to approving routine prompts may unknowingly give away complete control of their systems.

Why is this Important?

The Elusive Comet campaign suggests a shift in cybercrime toward human-centric attacks that exploit legitimate workflows instead of technical weaknesses. This approach was also seen in the Bybit hack linked to North Korean hackers, who exploit users’ trust in and familiarity with tools like Zoom. The stakes are high for companies and people managing cryptocurrency or sensitive data, because the attackers can compromise wallets or entire systems within a few seconds.

How to Protect Yourself?

To protect yourself against the attack, you can follow these steps from the cybersecurity advisory:

Disable Remote Control

Zoom administrators can turn off the remote control feature at the account, group, or user level. Turning it off prevents users in high-security settings from enabling it unknowingly.

Use Browser-Based Zoom

Trail of Bits suggests that the Zoom desktop client should be fully removed, especially on systems managing key digital assets. Browser-based Zoom avoids the risks associated with accessibility grants.

Adopt PPPC Profiles

On macOS, deploy Privacy Preferences Policy Control (PPPC) profiles to block accessibility access. This closes the door on the attackers without disrupting video conferencing functionality.
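An audit that complements the PPPC step by reporting whether the Zoom client holds an Accessibility grant in a macOS TCC database. This is an added example, not code from the advisory or from Trail of Bits; the bundle ID `us.zoom.xos`, the function names, and the constructed in-memory database (a reduced version of the real `access` table) are assumptions.

```python
import sqlite3

ACCESSIBILITY = "kTCCServiceAccessibility"
ZOOM_BUNDLE_IDS = {"us.zoom.xos"}  # assumed bundle ID of the Zoom desktop client

def grant_column(conn):
    """Return (column, allowed_value) for this TCC schema version."""
    cols = {row[1] for row in conn.execute("PRAGMA table_info(access)")}
    if "auth_value" in cols:      # macOS 11+: 0 = denied, 2 = allowed
        return "auth_value", 2
    if "allowed" in cols:         # earlier releases: 0 = denied, 1 = allowed
        return "allowed", 1
    raise ValueError("unrecognised TCC access table")

def zoom_accessibility_grants(conn, bundle_ids=ZOOM_BUNDLE_IDS):
    """List Zoom clients that currently hold an Accessibility grant."""
    col, allowed = grant_column(conn)  # col comes from a fixed set, safe to interpolate
    rows = conn.execute(
        f"SELECT client, {col} FROM access WHERE service = ?", (ACCESSIBILITY,))
    return sorted(c for c, v in rows if c in bundle_ids and v == allowed)

def sample_db(modern=True, zoom_allowed=True):
    """Constructed in-memory stand-in for TCC.db (reduced column set)."""
    col, ok = ("auth_value", 2) if modern else ("allowed", 1)
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE access (service TEXT, client TEXT, {col} INTEGER)")
    conn.executemany("INSERT INTO access VALUES (?, ?, ?)", [
        (ACCESSIBILITY, "us.zoom.xos", ok if zoom_allowed else 0),
        ("kTCCServiceCamera", "us.zoom.xos", ok),    # camera only: not reported
        (ACCESSIBILITY, "com.example.helper", ok),   # other app: not reported
    ])
    return conn

if __name__ == "__main__":
    for label, db in [("grant present", sample_db()),
                      ("grant denied", sample_db(zoom_allowed=False))]:
        print(label, "->", zoom_accessibility_grants(db) or "no Zoom Accessibility grant")
```

On a real Mac, Accessibility decisions are stored in the system database at `/Library/Application Support/com.apple.TCC/TCC.db`, and the process reading it needs Full Disk Access.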

Stay Vigilant

Be alert to unsolicited meeting invites or remote control requests, even from known contacts. Verify the requester’s identity through an alternative channel before allowing access.

Update Zoom Frequently

Make sure you are working with the latest version of Zoom to benefit from security patches against identified vulnerabilities. Businesses should also focus on using comprehensive endpoint security. Software that finds and blocks malicious activity can help.

Implement Multifactor Authentication 

Multi-factor authentication must be implemented for all cryptocurrency-related accounts, especially those involving wallets and exchanges. This adds an extra layer of security if credentials are breached.

Educate and Train People

Carry out regular cybersecurity awareness training for staff, partners, and other stakeholders so that everyone involved in the business understands the risks of social engineering and how to identify malicious activity.

Real-world Case

Jake Gallen, the CEO of the cryptocurrency-related business Emblem Vault, fell prey to the Elusive Comet campaign. The attack cost him more than $100,000 in digital assets after he joined a Zoom interview with a person posing as a member of the media. During the interview, the attacker requested remote control access to his system, which was eventually granted. Malware named GOOPDATE was installed, which enabled the attacker to access Gallen’s cryptocurrency wallets and his funds.

This case shows a severe weakness in the cryptocurrency environment, where high-net-worth people or executives can be more vulnerable to social engineering attacks because of the large amount of media and investor engagement they handle. The substantial loss also shows the importance of raising awareness of cybersecurity hygiene among cryptocurrency professionals.

The Big Picture

The exploitation of Zoom’s remote control feature is an eye-opener for the cybersecurity community. As remote collaboration tools have become the norm, attackers are increasingly focusing on user behavior instead of software flaws. The blockchain industry faces increasing risks from operational security failures, as distinct from technical risks. Organizations should focus on user training, better access controls, and active threat tracking to defend against advanced threat actors like Elusive Comet.

Final Thoughts

The Zoom remote control exploit is a reminder that even trusted tools are not safe: they can be abused by anyone, within a few seconds, in attacks that focus on regular system users. This cybersecurity advisory can help you identify the risks beforehand. By deactivating the vulnerable features, adopting browser-based alternatives, and nurturing a culture of cybersecurity knowledge, people and companies can overcome these threats.

David Scott
I am a contributing editor working for 10 years and counting. I’ve covered stories on trending technologies worldwide, fast-growing businesses, emerging marketing trends, financial advice, recreational happenings, and lots more!