Zoom remote control feature abused for crypto stealing cyberattacks
Sead Fadilpašić
23 April 2025
Hackers are impersonating both Bloomberg and Zoom
Cybercriminals are inviting victims to talk to "journalists"
On the Zoom call, they're asked to grant permissions for remote access
Those that grant the permissions lose their crypto
Hackers are abusing Zoom’s remote desktop feature to steal people’s cryptocurrency, experts have warned.
Cybersecurity researchers at Trail of Bits say they have seen the attack in the wild, focusing on “high-value targets”: people whom the media would often contact for comments and discussion on everyday events. The attackers would reach out via social media (X, for example) and, pretending to be Bloomberg journalists, send the targets a Zoom invite via Calendly.
On Zoom, the attackers would join with an account named “Zoom”, and request remote control over the victim’s account. The victims would see a popup saying “Zoom is requesting remote control of your screen” which, for those used to granting permissions without thinking twice, might seem like a legitimate request from a legitimate app.
Elusive Comet
"What makes this attack particularly dangerous is the permission dialog's similarity to other harmless Zoom notifications," Trail of Bits said.
"Users habituated to clicking 'Approve' on Zoom prompts may grant complete control of their computer without realizing the implications."
Once the access is granted, the attackers would move fast, deploy a stealthy backdoor or other means of retaining access, and then disconnect from the call.
The last step is to use the malware to access the victim’s cryptocurrency wallets and siphon out any funds found inside.
The researchers named the group “Elusive Comet” and said the methodology is most likely copied from Lazarus, the infamous North Korean state-sponsored entity that targets crypto businesses.
"The ELUSIVE COMET methodology mirrors the techniques behind the recent $1.5 billion Bybit hack in February, where attackers manipulated legitimate workflows rather than exploiting code vulnerabilities," Trail of Bits said in its report.
To mitigate the risk, it would be best not to grant people or apps remote access, unless you’re 100% certain the person is benign.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.