North Korean Hackers Exploit Zoom Remote Access to Target Crypto Traders

North Korean threat actors are abusing a lesser-known Zoom remote control feature to deploy infostealer malware on the devices of cryptocurrency traders and venture capitalists, cybersecurity experts warn. 

According to reports from SEAL Security Alliance and Trail of Bits, a hacking campaign dubbed Elusive Comet begins with phishing messages posing as podcast or investor invitations from a fake firm named Aureon Capital. Victims are lured into Zoom meetings via Calendly links under the pretence of interviews or business discussions. 

During the Zoom call, the hackers ask the victim to share their screen. Then, impersonating the Zoom platform, they request remote control access. If the victim grants it, often due to urgency or inattention, the attackers gain full access to the victim’s device, allowing them to install malware that steals credentials, seed phrases, or sensitive browser data. 

The malware either acts immediately or serves as a remote access trojan (RAT) for delayed attacks. To make the remote-control request look like a legitimate system notification, the attackers rename their profile to "Zoom." 

SEAL attributes millions in losses to the campaign and has identified dozens of fake social media profiles and websites used to support the scam. Trail of Bits also encountered the scheme when attackers impersonated Bloomberg producers to bait their CEO into a fake Zoom interview. 

Trail of Bits highlighted how Zoom’s reliance on macOS “accessibility” permissions and a poorly differentiated permission prompt make this form of attack effective, even against tech-savvy users. The Zoom remote control feature, intended as a collaborative tool, often remains enabled by default, leaving organizations vulnerable. 

Security professionals urge companies to disable Zoom’s remote-control option, especially for accounts handling sensitive data, and implement tighter controls over accessibility permissions to block these exploit attempts. 
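
One way to audit the accessibility permission mentioned above, as an added example that is not from the article, SEAL, or Trail of Bits: the script lists which apps hold an allowed Accessibility grant in a macOS TCC database and flags watched clients. The table layout, the meaning of `auth_value`, the bundle identifier `us.zoom.xos`, and the sample rows are assumptions or constructed data, not details from the article.

```python
import sqlite3

# Assumptions (not from the article): the "access" table layout and the
# auth_value meaning (2 = allowed) follow the macOS 11+ TCC.db; us.zoom.xos
# is taken to be the Zoom desktop client's bundle identifier.
ACCESSIBILITY = "kTCCServiceAccessibility"
AUTH_ALLOWED = 2
WATCHED_CLIENTS = {"us.zoom.xos"}


def build_sample_db():
    """Return an in-memory database with constructed rows, for offline runs."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE access (service TEXT, client TEXT, "
        "client_type INTEGER, auth_value INTEGER)"
    )
    rows = [
        (ACCESSIBILITY, "us.zoom.xos", 0, 2),               # allowed: flag
        ("kTCCServiceCamera", "us.zoom.xos", 0, 2),         # camera only: ignore
        (ACCESSIBILITY, "com.example.screenreader", 0, 2),  # allowed, not watched
        (ACCESSIBILITY, "com.example.oldtool", 0, 0),       # denied: ignore
    ]
    conn.executemany("INSERT INTO access VALUES (?, ?, ?, ?)", rows)
    return conn


def accessibility_grants(conn, watched=WATCHED_CLIENTS):
    """Split allowed Accessibility grants into (watched, other) client lists."""
    cur = conn.execute(
        "SELECT client FROM access WHERE service = ? AND auth_value = ? "
        "ORDER BY client",
        (ACCESSIBILITY, AUTH_ALLOWED),
    )
    flagged, other = [], []
    for (client,) in cur:
        (flagged if client in watched else other).append(client)
    return flagged, other


if __name__ == "__main__":
    flagged, other = accessibility_grants(build_sample_db())
    for client in flagged:
        print(f"REVIEW: {client} holds Accessibility (can control input)")
    for client in other:
        print(f"info: {client} holds Accessibility")
```

To run it against a real machine, pass a connection to a copy of the system TCC database instead of the sample; reading that file normally requires Full Disk Access.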

“This isn’t about exploiting code,” Trail of Bits noted. “It’s about manipulating people. And that’s now the greater threat.” 

 
