Date: 2025-04-22
Threat Intelligence, Application security

Zoom Remote feature exploited in North Korean crypto theft operations

SecurityWeek reports that North Korean threat actors have distributed information-stealing payloads to cryptocurrency traders and venture investors by exploiting the Zoom remote collaboration feature.

According to an advisory from Security Alliance, North Korean hackers tracked as Elusive Comet have been impersonating VC investors in phishing emails that purport to be invitations to an Aureon Capital-led podcast and carry Calendly links to Zoom meetings. Targets are later lured into sharing their screen, after which the attackers use Zoom to seek control over their computer, the advisory said. Once a target approves remote access, an infostealer or a remote access trojan is deployed, said the SEAL alert.

Another report, from cybersecurity consulting company Trail of Bits, showed the attack technique being leveraged by threat actors masquerading as Bloomberg producers on the social media platform X, formerly Twitter, who lured the firm's CEO for an interview regarding cryptocurrency. Attackers' use of consumer-grade Zoom accounts to exploit the platform's remote feature and deploy malware was noted to resemble the major Bybit cryptocurrency hack in February, which involved the exploitation of legitimate workflows instead of code issues.

