The chief executive of non-fungible token platform Emblem Vault is warning X users to be wary of the video meeting app Zoom after a nefarious threat actor known as “ELUSIVE COMET” recently stole over $100,000 of his personal assets.
On April 11, Emblem Vault CEO, podcaster and NFT collector Jake Gallen said on X that he had been battling a “complete computer compromise” that ended up with a loss of Bitcoin (BTC) and Ether (ETH) assets from different wallets. “Unfortunately, this led to $100k+ in purchased digital assets being lost,” he said.
Days later, Gallen said he had been working with cybersecurity firm The Security Alliance (SEAL) to track an ongoing campaign against crypto users by a threat actor identified as “ELUSIVE COMET.”
Gallen said the scam was facilitated over the video conference platform Zoom, which resulted in his crypto wallet being drained.
“We were able to retrieve a malware file that was installed on my computer during a Zoom call with a YouTube personality of over 90k subs,” said Gallen on April 14.
The malicious actor “employs sophisticated social engineering tactics with the goal of inducing victims into installing malware and ultimately stealing their crypto,” SEAL reported in late March.
Source: Jake Gallen
Gallen said he’d arranged an interview after being contacted by a verified X account with 26,000 followers that claims to be the founder and CEO of a crypto mining platform. However, during the interview, the X user left their screen switched off while Gallen’s was on. During the call, Gallen was tricked into enabling the installation of malware called “GOOPDATE,” which stole credentials and accessed his crypto wallets.
Cointelegraph reached out to the X account for comment.
Zoom remote access threat
“For this scam to take place, it’s said that the guest of the Zoom video call allows remote access to the host of the call, which is a requestable feature that is DEFAULT ON for every Zoom account,” said Gallen.
NFT collector Leonidas confirmed the default settings and advised those in the crypto industry to disable remote access in their Zoom settings.
“If you don’t do this, anybody who is on a Zoom call with your employees can take over their entire computer by default,” he said.
Source: Leonidas
SEAL security researcher Samczsun told Cointelegraph that Zoom, by default, allows meeting participants to request remote control access. “At this point in time we believe the victim still needs to be social engineered into granting access,” they said.
Cointelegraph reached out to Zoom for comments but did not receive an immediate response.
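The practical defence the passage points to is an account-level setting, which an administrator can audit across a tenant rather than trusting each participant to decline a request. The following Python script is an added example and is not code from the article, SEAL or Zoom. It assumes the shape of the JSON that Zoom's "Get user settings" endpoint (GET /users/{userId}/settings) returns, with `in_meeting.remote_control` and `in_meeting.remote_support` as boolean fields; the per-user records below are constructed sample data standing in for real API responses.

```python
"""Audit Zoom user settings for remote-control features (added example, not from the article)."""
from typing import Dict, List

# Constructed sample data in the shape of Zoom's "Get user settings" response.
# Only the fields relevant to this audit are present; the values are invented.
SAMPLE_SETTINGS: Dict[str, dict] = {
    "alice@example.com": {"in_meeting": {"remote_control": True, "remote_support": False}},
    "bob@example.com": {"in_meeting": {"remote_control": False, "remote_support": False}},
    "carol@example.com": {"in_meeting": {"remote_support": True}},  # remote_control key absent
}

# Settings that let another party drive or view a participant's desktop.
# Field names are an assumption about Zoom's user-settings schema.
RISKY_KEYS = ("remote_control", "remote_support")


def audit_user(settings: dict) -> List[str]:
    """Return the risky remote-access settings that are explicitly enabled for one user.

    A missing key is not treated as enabled: the audit reports only what the
    API actually says is on, so a schema change produces no false positives.
    """
    in_meeting = settings.get("in_meeting", {})
    return [key for key in RISKY_KEYS if in_meeting.get(key) is True]


def audit_tenant(all_settings: Dict[str, dict]) -> Dict[str, List[str]]:
    """Map each user with at least one enabled remote-access feature to that list."""
    findings: Dict[str, List[str]] = {}
    for user, settings in all_settings.items():
        enabled = audit_user(settings)
        if enabled:
            findings[user] = enabled
    return findings


def hardening_patch() -> dict:
    """Request body for PATCH /users/{userId}/settings that turns both features off."""
    return {"in_meeting": {key: False for key in RISKY_KEYS}}


if __name__ == "__main__":
    for user, enabled in audit_tenant(SAMPLE_SETTINGS).items():
        print(f"{user}: enabled -> {', '.join(enabled)}")
    print("hardening body:", hardening_patch())
```

In a real deployment the `SAMPLE_SETTINGS` dictionary would be replaced by the per-user responses fetched with an OAuth token, and `hardening_patch()` would be sent back for each user the audit flags; the flagged list is the useful output, since it shows which accounts still carry the default the article describes.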
Related: Crypto founders report deluge of North Korean fake Zoom hacking attempts
Gallen also stated that the hackers accessed his Ledger wallet even though he had logged into it only a few times in three years and had never stored the password anywhere digitally.
They also hacked his X account in an attempt to lure in other victims through private messages.
SEAL reported that ELUSIVE COMET is known to operate Aureon Capital, which claims to be a legitimate venture capital firm. The threat actor is responsible for “millions of dollars in stolen funds” and poses a significant risk to users due to their “carefully engineered backstory,” the firm noted.
Samczsun advised users who have interacted with Aureon Capital to contact SEAL’s emergency hotline on Telegram.