Social Engineering Campaign Abuses Zoom to Install Malware



A social engineering campaign is abusing Zoom's remote control feature to take control of victims’ computers and install malware, according to researchers at security firm Trail of Bits.

The operation targeted Trail of Bits’ CEO, who recognized it as malicious and didn’t fall for the attack. The researchers have attributed the campaign to the ELUSIVE COMET threat actor.

“Two separate Twitter accounts approached our CEO with invitations to participate in a ‘Bloomberg Crypto’ series—a scenario that immediately raised red flags,” the researchers explain.

“The attackers refused to communicate via email and directed scheduling through Calendly pages that clearly weren’t official Bloomberg properties. These operational anomalies, rather than technical indicators, revealed the attack for what it was. The ELUSIVE COMET methodology mirrors the techniques behind the recent $1.5 billion Bybit hack in February, where attackers manipulated legitimate workflows rather than exploiting code vulnerabilities.”

Once a victim joins the Zoom meeting, the attacker requests permission to take control of the victim’s computer. Notably, the attacker changes their display name to “Zoom,” so the request appears as if it’s coming from the application.

The researchers outline the following attack flow:

  1. “The attacker schedules a seemingly legitimate business call.

  2. During screen sharing, they request remote control access.

  3. They change their display name to ‘Zoom’ to make the request appear as a system notification.

  4. If granted access, they can install malware, exfiltrate data, or conduct cryptocurrency theft.”

While this campaign used Zoom, the same tactic would work with many other remote meeting platforms. New-school security awareness training can teach your employees to recognize red flags associated with social engineering attacks.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Trail of Bits has the story.

