According to Cointelegraph, the CEO of Emblem Vault, Jake Gallen, has issued a warning to users of the video conferencing platform Zoom following a significant security breach. Gallen, who is also a podcaster and NFT collector, reported that a cybercriminal known as “ELUSIVE COMET” stole over $100,000 worth of his personal digital assets, including Bitcoin and Ether, through a social-engineering attack delivered over a Zoom call. The incident began on April 11, when Gallen's computer was fully compromised, resulting in the loss of cryptocurrency from several of his wallets. He revealed that malware was installed on his computer during a Zoom call with a YouTube personality. This malware, identified as “GOOPDATE,” was used to steal credentials and access his crypto wallets. Gallen has been working with the Security Alliance (SEAL), a cybersecurity group, to investigate the ongoing threat posed by ELUSIVE COMET, who relies on social engineering to persuade victims into installing malicious software.
Gallen recounted that the attack occurred during an interview arranged with “Tactical Investing,” a verified X account claiming to be the founder and CEO of Fraction Mining. During the interview the other party kept their screen off, and it was during this call that the malware was installed. SEAL's research indicates that Zoom's default settings allow any meeting participant to request remote control of another participant's computer; if the target accepts such a request, the attacker gains control of that machine. NFT collector Leonidas confirmed these settings and advised people in the crypto industry to disable remote control so that no other participant can take over their computers. SEAL security researcher Samczsun emphasized that social engineering is essential to these attacks: Zoom does not hand over control on its own, so the victim has to be manipulated into granting access. Despite attempts to reach Zoom for comment, no immediate response was received.
The hackers also managed to access Gallen's Ledger wallet, even though he rarely used it and had kept its password secure. Additionally, they took over his X account and used it to send private messages to other potential victims. SEAL has identified ELUSIVE COMET as operating under the guise of Aureon Capital, a supposed venture capital firm, and attributes millions of dollars in stolen funds to this threat actor. SEAL warns that the actor's carefully crafted backstory makes the lure convincing and the risk significant. Users who have interacted with Aureon Capital are urged to contact SEAL’s emergency hotline on Telegram for assistance. This incident highlights the critical need for heightened security measures and awareness when using digital platforms, particularly in the cryptocurrency sector.