They are using Zoom to distribute malware: Here’s how to stay safe

A new cybercrime group known as Elusive Comet is using Zoom meetings as a gateway to install malware and steal digital assets. By impersonating legitimate media outlets, they gain victims’ trust, then exploit Zoom’s remote control features to hijack their devices. The Security Alliance has issued an alert urging high-profile users to remain vigilant.

How the scam works

The attackers first contact their targets — often CEOs or crypto asset holders — by posing as media professionals or podcast hosts. They create convincing backstories with polished websites, social media activity, and even YouTube channels to appear legitimate. Once a video call is arranged, they keep their camera off and send a remote control request, with the name changed to “Zoom” to mimic the app itself.

If the user accepts the request, the attacker immediately gains full control of the system. Victims have already reported loss of Bitcoin and Ethereum funds, and unauthorized access to email and social media accounts.

How to protect yourself

To avoid falling into this trap, users should never accept remote control requests during video calls, especially from unknown contacts. Disabling Zoom’s remote control feature in settings is a crucial first step.

Additionally, using the browser version of Zoom instead of the app offers an added layer of security, as it does not support remote control. The Security Alliance also advises verifying the legitimacy of any unsolicited media offer and double-checking all social media profiles before engaging.

Keeping your antivirus software, VPN, and password manager up to date can also help mitigate potential threats. In a digital landscape full of deception, extra vigilance could make all the difference.