Security researchers have discovered a new attack vector that allows cybercriminals to gain remote access to a victim’s computer via Zoom meetings. The attack, dubbed Comet, leverages legitimate Zoom features and is now being actively used for cryptocurrency theft and other purposes.
How the attack works
The attack starts with an invitation to a Zoom call, often with an urgent or credible purpose. Once the victim joins, the attackers leverage Zoom’s built-in Remote Control feature to gain control of the system. In some cases, this access is granted automatically once the victim accidentally gives permission via the pop-up prompt.
From Zoom to crypto wallets
Once the attackers have access, they use it to control applications without the victim’s knowledge. Crypto wallet users are particularly targeted: criminals open wallet software or browser extensions, change settings or initiate transactions – all remotely, within an active Zoom session.
Hard to detect
The attack is carried out using a combination of legitimate software functions and social engineering. Because the Remote Control function is intended for collaboration, suspicious activity is not always immediately recognized. Furthermore, everything takes place within an authorized Zoom session, so traditional security software does not pick up many red flags.
Advice to users
Security experts recommend disabling Zoom’s Remote Control feature if it is not needed, and avoiding invitations from strangers or untrustworthy sources. Crypto app users should secure their wallets with two-factor authentication and never perform critical actions in a shared session.