hackers exploit zoom crypto

Deception has found a new home in the virtual meeting space.

Cybercriminals have discovered a clever way to steal cryptocurrency by exploiting a commonly used feature in Zoom calls.

A crime group known as ELUSIVE COMET, along with North Korea-linked BlueNoroff, is targeting crypto executives and holders through sophisticated social engineering campaigns that turn helpful screen-sharing into digital theft.

The scam begins innocently enough.

Victims receive professional-looking invitations to appear on podcasts or participate in interviews from what appear to be legitimate media outlets or venture capital firms.

The threat actors often pose as representatives of Aureon Capital when initiating contact via X direct messages or email.

It’s like getting invited to the cool kids’ table—except the cool kids want to empty your digital wallet.

Once the target joins the Zoom call, they’re asked to share their screen for a presentation.

Here’s where things get sneaky.

The attackers request remote control access, often after changing their display name to “Zoom” to appear as a system notification.

Many victims, distracted by the conversation, grant access without a second thought—like absentmindedly holding the door for someone carrying packages, except these packages contain malware.

With control granted, attackers swiftly install malicious software designed to steal credentials and cryptocurrency assets.

These aren’t your garden-variety hackers; they’re sophisticated operators who create convincing personas complete with polished websites and social media profiles.

The hackers even set up OnChain Podcast as one of their fake entities to establish legitimacy with potential targets.

Remaining vigilant for scams is crucial to protecting your investments from these increasingly sophisticated threats.

BlueNoroff has taken this scheme even further, employing deepfake technology to impersonate real people during calls.

Their custom-built malware targets specific vulnerabilities in operating systems, particularly macOS, leaving minimal traces after stealing financial data.

The attacks have proven particularly effective against CEOs of crypto or fintech companies, with at least one major theft reported.

The combination of social pressure, convincing impersonation, and technical deception creates a perfect storm for credential theft.

Security experts recommend organizations disable Zoom’s remote control feature entirely—because in today’s digital landscape, letting someone take the wheel of your computer is like handing a stranger your house keys and bank account information.
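For teams that cannot turn the feature off everywhere, the display-name trick described above can also be screened for. The following is an added example, not code from the article or from Zoom: it flags participant names that reduce to a client-like name such as "Zoom" once look-alike characters, zero-width characters and spacing are normalized. The `display_name` field, the sample participants and the look-alike table are constructed assumptions.

```python
import re
import unicodedata

# Names the meeting client itself could plausibly display. "zoom" is the
# name the article reports attackers using; extend per deployment.
RESERVED = {"zoom"}

# Small constructed sample of look-alike characters, not a full confusables
# table: digit zero, Cyrillic o, Greek omicron, Armenian oh.
LOOKALIKES = str.maketrans({"0": "o", "\u043e": "o", "\u03bf": "o", "\u0585": "o"})


def skeleton(name: str) -> str:
    """Reduce a display name to a comparable lowercase form."""
    # NFKC folds fullwidth and other compatibility forms to plain letters.
    text = unicodedata.normalize("NFKC", name)
    # Drop invisible format characters (zero-width space, joiners, BOM).
    text = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    return text.casefold().translate(LOOKALIKES)


def impersonates_client(name: str) -> bool:
    """True if the name, or any word in it, reduces to a reserved name."""
    tokens = re.findall(r"[^\W_]+", skeleton(name))
    # The joined form catches spaced-out spellings such as "Z o o m".
    return "".join(tokens) in RESERVED or any(t in RESERVED for t in tokens)


def flag_participants(participants):
    """Return the display names that should be reviewed before any
    remote-control or permission prompt is accepted."""
    return [p["display_name"] for p in participants
            if impersonates_client(p["display_name"])]


# Constructed sample roster; the field name is hypothetical.
SAMPLE_PARTICIPANTS = [
    {"display_name": "Priya N."},
    {"display_name": "Zoom"},
    {"display_name": "Z\u043e\u043em"},            # Cyrillic o
    {"display_name": "Zo\u200bom "},               # zero-width space
    {"display_name": "\uff3a\uff4f\uff4f\uff4d"},  # fullwidth letters
    {"display_name": "Zoomer Jones"},
]

if __name__ == "__main__":
    for name in flag_participants(SAMPLE_PARTICIPANTS):
        print("review before granting control:", repr(name))
```
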
