
A threat actor tracked as Elusive Comet is running a social engineering campaign that abuses Zoom's built-in remote control feature. The goal is to steal cryptocurrency from victims by tricking them during fake online interviews.
The technique was documented by the security firm Trail of Bits, who warn that even experienced users can fall for it because the attacker's request is indistinguishable, at a glance, from a prompt generated by Zoom itself.
How the Zoom-Based Crypto Scam Works
The attackers begin by impersonating journalists from well-known media outlets like Bloomberg. They reach out to potential victims—usually people who work in the cryptocurrency industry—through social media platforms like X (formerly Twitter) or email.
Victims are invited to a Zoom interview under the pretense of being featured in a high-profile media segment. These invitations are sent through legitimate tools like Calendly and Zoom, which helps the attackers appear trustworthy and professional.
Once the victim joins the call, the attacker shares their screen and then sends a remote control request. The trick is in the name: Zoom builds the prompt from the requester's display name, so an attacker who renames themselves to "Zoom" produces a dialog that reads:
"Zoom is requesting remote control of your screen."
That wording is enough to make many users click "Approve" without realising they are handing mouse and keyboard control of their machine to the attacker. On macOS the request can only be honoured if the Zoom client already holds the Accessibility permission that remote control depends on, which is why the system-level defences described further down target that permission.
What Happens After Access is Granted
Once the hacker gains remote control, they can do a number of dangerous things, including:
Stealing cryptocurrency wallet credentials
Accessing sensitive files or documents
Installing malware or backdoors
Making unauthorized crypto transactions
According to Trail of Bits, the attackers move quickly. They may even install hidden backdoors so they can return later without being detected, even after the Zoom call ends.
This method is particularly dangerous because it doesn’t rely on software vulnerabilities or complex malware. Instead, it manipulates human behavior and the trust we place in common tools like Zoom.
Ties to the $1.5 Billion Bybit Crypto Hack
Trail of Bits also noted that the tactics used by Elusive Comet resemble those seen in the Bybit breach of February 2025, in which attackers stole roughly $1.5 billion in cryptocurrency. In both cases the attackers did not exploit a software vulnerability; they exploited trust and ordinary, familiar workflows.
By copying methods seen in earlier high-profile attacks, Elusive Comet shows how effective social engineering can be—especially when the attack feels familiar and routine.
Why Users Are Falling for It
One reason this scam is so effective is the way Zoom’s interface handles permissions. Users are often asked to approve things during regular Zoom calls, such as allowing screen sharing or enabling audio. Over time, users get used to clicking “Approve” without thinking twice.
Trail of Bits highlights this issue, warning that users may grant dangerous permissions simply out of habit—especially when the request looks like it’s coming directly from the Zoom app.

How to Protect Yourself and Your Organization
Here are some steps that individuals and businesses can take to defend against this type of attack:
1. Be Skeptical of Unexpected Interview Requests
If someone claims to be from a well-known media outlet and invites you to an interview, verify their identity independently: look up the outlet's published contact details and confirm through those channels. Do not rely on the email address, social media handle, or scheduling link you were sent, since all of those can be set up by the attacker.
2. Don’t Approve Remote Control Requests
Never approve a remote control prompt during a Zoom meeting unless you are absolutely sure who is making the request and why; the requester's display name is attacker-controlled, so it is not evidence of anything. Zoom account administrators can go further and disable the remote control feature for the whole account in the Zoom web portal's in-meeting settings, locking it so users cannot re-enable it.
3. Use System-Level Security Settings
Trail of Bits recommends deploying a Privacy Preferences Policy Control (PPPC) profile that denies Zoom the macOS Accessibility permission remote control depends on. PPPC profiles are only honoured when delivered through MDM (macOS ignores them if installed by hand), which also means they can be enforced consistently across every managed device in an organisation. It is worth pairing the profile with a periodic audit of the TCC database so that any Accessibility grant to Zoom that slips through is noticed.
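As an added example (this is not code from Trail of Bits or from the article), the script below does two things: it builds a PPPC configuration profile that denies Zoom the Accessibility service, and it audits a TCC database for any existing Accessibility grant to Zoom. It assumes Zoom's bundle identifier is us.zoom.xos and that the designated code requirement in ZOOM_CODE_REQUIREMENT (including the Team ID) matches your installed client; confirm both with `codesign -dr - /Applications/zoom.us.app` before deploying. The demo TCC rows are constructed for illustration.

```python
"""Added example: PPPC profile generator and TCC audit for Zoom remote control.

Not part of the Trail of Bits write-up or the article. Assumptions:
  * Zoom's bundle ID is us.zoom.xos (ZOOM_BUNDLE_ID).
  * ZOOM_CODE_REQUIREMENT is Zoom's designated requirement; verify with
      codesign -dr - /Applications/zoom.us.app
  * The profile must be pushed by MDM; macOS ignores hand-installed PPPC.
"""
import plistlib
import sqlite3
import uuid

ZOOM_BUNDLE_ID = "us.zoom.xos"
# Designated requirement in codesign syntax. The Team ID (subject.OU) is an
# assumption to be checked against the output of `codesign -dr -`.
ZOOM_CODE_REQUIREMENT = (
    'identifier "us.zoom.xos" and anchor apple generic and '
    'certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and '
    'certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and '
    'certificate leaf[subject.OU] = BJ4HAAB9B3'
)
# Accessibility grants are system-wide, so they live in the system TCC.db,
# not the per-user one. Reading it requires Full Disk Access.
SYSTEM_TCC_DB = "/Library/Application Support/com.apple.TCC/TCC.db"


def build_pppc_profile(bundle_id=ZOOM_BUNDLE_ID,
                       code_requirement=ZOOM_CODE_REQUIREMENT):
    """Return a configuration profile (as a dict) that denies Accessibility
    to the given app. 'Authorization: Deny' is the macOS 11+ form of the rule."""
    pppc_payload = {
        "PayloadType": "com.apple.TCC.configuration-profile-policy",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"com.example.pppc.{bundle_id}",  # hypothetical org
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"Deny Accessibility to {bundle_id}",
        "Services": {
            "Accessibility": [{
                "Identifier": bundle_id,
                "IdentifierType": "bundleID",
                "CodeRequirement": code_requirement,
                "Authorization": "Deny",
                "Comment": "Remote control needs Accessibility; deny it.",
            }],
        },
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadIdentifier": "com.example.pppc.zoom-remote-control",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Zoom remote control hardening",
        "PayloadContent": [pppc_payload],
    }


def profile_bytes():
    """Serialise the profile as an XML plist (.mobileconfig body)."""
    return plistlib.dumps(build_pppc_profile())


def audit_tcc(db, bundle_id=ZOOM_BUNDLE_ID):
    """Return (service, auth_value) rows where bundle_id has been ALLOWED
    Accessibility. `db` is a path or an open sqlite3.Connection.
    In TCC.db, auth_value 2 means allowed and 0 means denied."""
    own = not isinstance(db, sqlite3.Connection)
    con = sqlite3.connect(f"file:{db}?mode=ro", uri=True) if own else db
    try:
        return con.execute(
            "SELECT service, auth_value FROM access "
            "WHERE client = ? AND service = 'kTCCServiceAccessibility' "
            "AND auth_value = 2",
            (bundle_id,),
        ).fetchall()
    finally:
        if own:
            con.close()


def demo_tcc_connection():
    """Constructed in-memory TCC.db with only the columns audit_tcc reads.
    Sample rows are invented for the example, not captured from a real host."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE access (service TEXT, client TEXT, "
                "client_type INTEGER, auth_value INTEGER)")
    con.executemany("INSERT INTO access VALUES (?, ?, ?, ?)", [
        ("kTCCServiceAccessibility", "us.zoom.xos", 0, 2),      # the bad grant
        ("kTCCServiceScreenCapture", "us.zoom.xos", 0, 2),      # screen share only
        ("kTCCServiceAccessibility", "com.apple.Terminal", 0, 0),
    ])
    con.commit()
    return con


if __name__ == "__main__":
    with open("deny-zoom-accessibility.mobileconfig", "wb") as fh:
        fh.write(profile_bytes())
    print("wrote deny-zoom-accessibility.mobileconfig")
    try:
        grants = audit_tcc(SYSTEM_TCC_DB)
    except sqlite3.OperationalError as exc:   # no FDA, or not macOS
        grants, note = None, f"could not read {SYSTEM_TCC_DB}: {exc}"
        print(note)
    if grants:
        print("WARNING: Zoom currently holds Accessibility:", grants)
    elif grants == []:
        print("OK: Zoom has no Accessibility grant")
```

Run it on a managed Mac with Full Disk Access to get both the profile file for your MDM and a yes/no on whether Zoom already has the permission. Denying Accessibility leaves ordinary meetings and outgoing screen sharing working; only the ability to let someone else drive the machine is removed, which is exactly the capability this campaign needs.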
4. Avoid Installing Zoom on Sensitive Devices
For high-security environments, the cybersecurity firm suggests removing Zoom entirely from systems that handle crypto assets or sensitive information. Using the browser-based version of Zoom instead of the full app can reduce some of the risk.
“For organizations handling particularly sensitive data or cryptocurrency transactions, the risk reduction from eliminating the Zoom client entirely often outweighs the minor inconvenience,” Trail of Bits said.
Conclusion
This cyberattack shows how powerful social engineering can be when combined with legitimate tools and well-executed deception. As more people work remotely and rely on platforms like Zoom, the line between convenience and security continues to blur.
Cryptocurrency users, in particular, must stay vigilant. A single click on an innocent-looking Zoom prompt could result in massive financial losses and compromised systems.
Make sure you know who you’re talking to—and never give control of your screen to someone you don’t completely trust.