

Ethical Hacking News

Hackers Exploit Zoom's Remote Control Feature for Cryptocurrency Heist


Hackers have been exploiting a vulnerability in Zoom's remote control feature to carry out social engineering attacks on cryptocurrency users, resulting in significant losses for several high-value targets. Learn more about this security threat and how to protect yourself from these types of attacks.

  • Hackers have been exploiting a vulnerability in Zoom's remote control feature to carry out social engineering attacks on cryptocurrency users.
  • The attack begins with an invitation via Zoom, sent through fake accounts impersonating crypto-focused journalists or Bloomberg outlets.
  • Remote control requests are made by renaming the Zoom display name to "Zoom" and requesting access to the victim's screen.
  • Granting approval gives attackers full remote input control over the victim's system, allowing them to steal data, install malware, or initiate cryptocurrency transactions.
  • Users may be unaware of the implications when granting access due to habituation to clicking "Approve" on Zoom prompts.
  • Implementing system-wide Privacy Preferences Policy Control (PPPC) profiles and/or removing Zoom from systems can help defend against this threat.



    Hackers have been exploiting a vulnerability in Zoom's remote control feature to carry out social engineering attacks on cryptocurrency users, resulting in significant losses for several high-value targets. According to a report by cybersecurity firm Trail of Bits, the attackers mimicked techniques used by the Lazarus hacking group in a $1.5 billion crypto heist.

    The attack begins with an invitation to a "Bloomberg Crypto" interview via Zoom, sent to high-value targets through sock-puppet accounts on social media platforms or email. The fake accounts impersonate crypto-focused journalists or Bloomberg outlets and reach out to the targets directly. Since both Calendly and Zoom invites/links are authentic, they work as expected and lower the target's suspicions.

    During the Zoom call, the attacker initiates a screen-sharing session and sends a remote control request to the target. The trick employed in this stage is that the attackers rename their Zoom display name to "Zoom," so the prompt the victim sees reads "Zoom is requesting remote control of your screen." This makes it appear as if the request is coming from the app itself, making it more convincing.

    However, approving the request gives the attackers full remote input control over the victim's system. They can steal sensitive data, install malware, access files, or initiate cryptocurrency transactions. The attacker may act quickly to establish persistent access by implanting a stealthy backdoor for later exploitation and disconnect, leaving victims with little chance to realize the compromise.

    What makes this attack particularly dangerous is that users habituated to clicking "Approve" on Zoom prompts may grant complete control of their computer without realizing the implications. To defend against this threat, Trail of Bits recommends implementing system-wide Privacy Preferences Policy Control (PPPC) profiles that prevent accessibility access. In some cases, it is recommended to remove Zoom entirely from all systems for security-critical environments and organizations handling valuable digital assets.
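A way to check that a deployed PPPC profile really denies Accessibility access to Zoom, which is the permission remote input control depends on. This is an added example, not code from Trail of Bits or the original article. It assumes the Zoom macOS bundle ID is `us.zoom.xos`; the helper names, the sample profiles and the code-requirement placeholder are constructed for illustration.

```python
import plistlib

TCC_PAYLOAD = "com.apple.TCC.configuration-profile-policy"
# Assumption: bundle ID of the Zoom macOS client; confirm against your fleet.
ZOOM_BUNDLE_ID = "us.zoom.xos"


def accessibility_verdict(profile_bytes, bundle_id=ZOOM_BUNDLE_ID):
    """Return 'deny', 'allow' or 'unmanaged' for bundle_id's Accessibility access."""
    profile = plistlib.loads(profile_bytes)
    verdict = "unmanaged"
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_PAYLOAD:
            continue
        for rule in payload.get("Services", {}).get("Accessibility", []):
            if (rule.get("Identifier"), rule.get("IdentifierType")) != (bundle_id, "bundleID"):
                continue
            # Newer profiles use the Authorization string, older ones the Allowed boolean.
            if "Authorization" in rule:
                denied = rule["Authorization"] == "Deny"
            else:
                denied = rule.get("Allowed") is False
            if not denied:
                return "allow"  # auditor's conservative choice: any non-deny rule fails
            verdict = "deny"
    return verdict


def build_profile(**decision):
    """Constructed sample profile; pass Allowed=<bool> or Authorization=<str>."""
    rule = {
        "Identifier": ZOOM_BUNDLE_ID,
        "IdentifierType": "bundleID",
        # Placeholder: use the designated requirement printed by `codesign -dr -`
        # for the installed Zoom app.
        "CodeRequirement": "REPLACE_WITH_DESIGNATED_REQUIREMENT",
        **decision,
    }
    tcc = {"PayloadType": TCC_PAYLOAD, "Services": {"Accessibility": [rule]}}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [tcc]})


if __name__ == "__main__":
    for label, blob in [("deny profile", build_profile(Allowed=False)),
                        ("allow profile", build_profile(Allowed=True)),
                        ("no TCC payload", plistlib.dumps({"PayloadContent": []}))]:
        print(f"{label}: {accessibility_verdict(blob)}")
```

An "unmanaged" result means the profile leaves the Accessibility decision to the user, which is the state the habituated "Approve" click relies on.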

    The use of browser-based alternatives may be a more suitable solution for these organizations. According to Bill Toulas, tech writer and infosec news reporter at Bloomberg CryptoCurrency, "For organizations handling particularly sensitive data or cryptocurrency transactions, the risk reduction from eliminating the Zoom client entirely often outweighs the minor inconvenience of using browser-based alternatives."

    In light of this vulnerability, it is essential for users to be aware of the risks associated with remote control features in video conferencing platforms and take necessary precautions to protect their systems. By understanding the tactics employed by these attackers, individuals can better defend themselves against such social engineering attacks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Hackers-Exploit-Zooms-Remote-Control-Feature-for-Cryptocurrency-Heist-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/hackers-abuse-zoom-remote-control-feature-for-crypto-theft-attacks/


  • Published: Tue Apr 22 15:37:06 2025 by llama3.2 3B Q4_K_M












