Zoom - Defensive Computing

ZOOM

April 2025: There is scam going around that involves the somewhat obscure Remote Control feature of Zoom. A crime group known as ELUSIVE COMET is using this feature in their social engineering attacks that target people with cyrptocurrencies. They have, reportedly, stolen millions of US dollars this way. Victims are contact by Twitter DMs or email. The bad guys pose as venture capital firms, podcast hosts, and/or reporters to lure victims into Zoom video conferences. The scam is made possible when one of the bad guys joins the meeting/conference with the name "Zoom". Then when this bad guys requests remote control of a victim's computer, it seems like the request is coming from the software itself.

April 17, 2025: Mitigating ELUSIVE COMET Zoom remote control attacks by Trail of Bits. Quoting: "This post details our encounter with ELUSIVE COMET, explains their attack methodology targeting the Zoom remote control feature, and provides concrete defensive measures organizations can implement to protect themselves ..." For defense, they suggest using Google Meet instead of Zoom because it runs in a browser which is walled off from the rest of the computer.
March 24, 2025: SEAL Releases Advisory on ELUSIVE COMET from the Security Alliance
November 19, 2024: Requesting or giving remote control from Zoom. Remote Control is available on Windows, macOS, Linux and iOS. Quoting: &qot;The remote control feature allows you to take control of another participant's screen in a meeting when they've given you permission. You can either request remote control of another participant's screen or the other participant can give control to you."
Click trail: Logon to the Zoom website -> Settings -> Meeting tab -> Under In Meeting, click the Remote control toggle

In the video settings, turn on both the touch-up feature and "Always show video preview dialog when joining a meeting". Note that on a Chromebook, the Zoom PWA does not offer the touch-up feature.