Risky Bulletin: Crypto-Thieves Abuse Zoom's Remote Control Feature
Host: Claire Aird | Date: April 21, 2025
Introduction
In the latest episode of Risky Bulletin, hosted by Claire Aird and prepared by Catalin Cimpanu, the Risky Business team covers a range of pressing cybersecurity issues. From crypto theft schemes that abuse Zoom’s remote control feature to stock market manipulation and significant changes to cybersecurity laws worldwide, this episode provides an overview of the current threat landscape.
Zoom’s Remote Control Feature Exploited for Cryptocurrency Theft
Timestamp: [00:04]
The episode opens with a concerning development in cryptocurrency security. Hackers from the group Elusive Comet have been exploiting Zoom’s remote control feature to orchestrate large-scale crypto thefts. Claire Aird explains:
“Members of the group Elusive Comet pose as podcast hosts, reporters, and venture firms to lure crypto owners into video conferences. The attackers name themselves Zoom on the call, so when they request control of the victim's system, it appears the software itself is asking.” ([00:04])
Once granted control, the attackers install malware to siphon funds, resulting in millions of dollars stolen from unsuspecting cryptocurrency owners. This method highlights the growing sophistication of cybercriminals in exploiting legitimate software features for malicious purposes.
Unauthorized Stock Trades via Japanese Brokerage Accounts
Timestamp: [00:04]
In a significant breach impacting the financial sector, hackers have executed unauthorized trades totaling over $700 million through Japanese stock brokerage accounts. The breach was primarily facilitated through phishing attacks, allowing attackers to:
- Sell victims' stocks.
- Purchase artificially inflated shares in Chinese companies using the proceeds.
Japan’s financial regulator reported that most of these hacks took place between February and April of the current year, raising concerns about the security measures in place within the Japanese financial systems.
Microsoft Entra’s New MACE Credential Revocation Feature Causes Security Alerts
Timestamp: [00:04]
Microsoft Entra customers have noticed a sudden surge in security alerts and account lockouts, as discussed by Claire:
“The issue appears to be caused by Entra's new MACE credential revocation feature. The feature warns companies when employees are using an insecure password that was leaked in a previous breach.” ([00:04])
While intended to enhance security by alerting organizations to compromised passwords, some customers believe these alerts may be false positives, potentially disrupting business operations and raising questions about the feature's reliability.
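The segment above describes the general mechanism behind leaked-credential features: a hash of the user's password is compared against a corpus of hashes from previous breaches. The following Python is an added illustration of that technique, not Microsoft's implementation and not code from the episode. It uses the k-anonymity range-query pattern (the client reveals only the first five hex characters of a SHA-1 hash and receives every suffix sharing that prefix), and it shows one way such a check can produce a false positive: treating any match on the prefix as a hit instead of requiring the full hash to match. The breach corpus is a constructed list of a few well-known weak passwords.

```python
"""Illustrative leaked-password check using the k-anonymity range pattern.

Added example: constructed breach corpus, hypothetical function names. SHA-1 is
used only because it is the comparison format of the range-query convention;
it is not a recommendation for storing passwords.
"""
import hashlib
from collections import defaultdict
from typing import Dict, Optional

# Constructed breach corpus (assumption: a handful of weak passwords).
_BREACHED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Summer2024!"]


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the password, as used by the range-query convention."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_corpus(passwords) -> Dict[str, Dict[str, int]]:
    """Index breached hashes as prefix -> {suffix: occurrence count}."""
    corpus: Dict[str, Dict[str, int]] = defaultdict(dict)
    for p in passwords:
        h = sha1_hex(p)
        corpus[h[:5]][h[5:]] = corpus[h[:5]].get(h[5:], 0) + 1
    return corpus


BREACH_CORPUS = build_corpus(_BREACHED_PASSWORDS)


def range_lookup(prefix: str, corpus=BREACH_CORPUS) -> Dict[str, int]:
    """Simulated range query: the caller reveals only a 5-hex-char prefix and
    receives every suffix in the corpus that shares it (possibly none)."""
    return dict(corpus.get(prefix.upper(), {}))


def is_leaked(password: str, corpus=BREACH_CORPUS) -> int:
    """Correct check: number of breach occurrences of the FULL hash (0 = not leaked)."""
    h = sha1_hex(password)
    return range_lookup(h[:5], corpus).get(h[5:], 0)


def naive_is_leaked(password: str, corpus=BREACH_CORPUS) -> bool:
    """Buggy check kept for contrast: alerts whenever the prefix has any entries,
    so an unrelated password that merely shares a prefix is flagged (false positive)."""
    h = sha1_hex(password)
    return len(range_lookup(h[:5], corpus)) > 0


def find_prefix_collider(corpus=BREACH_CORPUS, limit: int = 10_000_000) -> Optional[str]:
    """Brute-force a harmless string whose SHA-1 shares a 5-char prefix with some
    breached hash but is NOT itself in the corpus. With 5 prefixes the expected
    search is about 16**5 / 5 ~ 210k hashes, well under a second."""
    for i in range(limit):
        cand = f"demo-{i}"
        h = sha1_hex(cand)
        suffixes = corpus.get(h[:5])
        if suffixes is not None and h[5:] not in suffixes:
            return cand
    return None


if __name__ == "__main__":
    for pw in ["password", "correct horse battery staple"]:
        print(f"{pw!r}: leaked {is_leaked(pw)} time(s)")
    collider = find_prefix_collider()
    print(f"prefix collider {collider!r}: naive={naive_is_leaked(collider)} "
          f"full-hash={is_leaked(collider)}")
```

The design point is that the range query is only a privacy measure for the lookup; the decision to alert must still be made on the full hash, and an alerting pipeline that stops at the prefix match will lock out users whose perfectly unique passwords happen to share five hex characters with a breached one.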
EU MPs Offered Faraday Bags Amid Surveillance Concerns in Hungary
Timestamp: [00:04]
In a move to bolster cybersecurity for its officials, five European MPs received Faraday bags to safeguard their phones during visits to Hungary. Claire elaborates:
“EU officials told Politico Europe that the use of Faraday pouches to protect phones is not a common practice.” ([00:04])
This initiative follows previous incidents where EU delegations were allegedly surveilled by Hungarian intelligence, prompting the EU to reconsider the security measures for its members traveling abroad.
CISA Discontinues Contracts with Censys and VirusTotal; Fires Contractors
Timestamp: [00:04]
The Cybersecurity and Infrastructure Security Agency (CISA) has terminated its contracts with Censys and VirusTotal. Additionally, the agency has dismissed 75 contractors from its threat hunting teams. According to Claire:
“But both tools are used to identify and investigate signs of compromise and threat actor activity.” ([00:04])
These actions suggest a strategic shift within CISA, possibly due to budget reallocations or restructuring efforts aimed at enhancing internal capabilities.
The Netherlands’ Recruitment Drive for Cyber Reservists
Timestamp: [00:04]
Responding to the increasing need for cybersecurity expertise, the Dutch government plans to launch a recruitment campaign for cyber reservists later this year. Claire notes:
“The Dutch Defence Cyber Command operated six platoons with a total of 110 cyber reservists last year.” ([00:04])
This initiative aims to expand the country’s defensive capabilities against cyber threats, ensuring a robust response framework within the armed forces.
Zambia Enacts New Cyber Security Law Amid International Concerns
Timestamp: [00:04]
Zambia has recently passed a cybersecurity law mandating lawful interception capabilities for all electronic communications. Claire discusses the international reaction:
“Zambian officials say other countries have similar laws and the capability will only be used with judicial oversight.” ([00:04])
Despite assurances of oversight, the law has prompted unease among other nations, leading the US to issue a travel advisory for Americans visiting Zambia. The law is justified by Zambian authorities as a necessary measure to combat fraud, disinformation, and Child Sexual Abuse Material (CSAM).
US Indicts Hacker "Scrublord" for Stealing Personal Data
Timestamp: [00:04]
The U.S. Justice Department has filed charges against Nicholas Moses, known online as Scrublord, for stealing personal data of over 65,000 individuals. Claire explains:
“He is accused of renting access to the botnet and deploying infostealers on victims' computers.” ([00:04])
His activities were uncovered following the takedown of the Smoke Loader botnet in May of the previous year, illustrating the persistent efforts by authorities to dismantle cybercriminal infrastructures.
Iranian National Indicted for Running Nemesis Dark Web Marketplace
Timestamp: [00:04]
An Iranian man, Behrouz Parsarad, has been indicted for operating the Nemesis dark web marketplace. The platform, active from 2021 until its seizure by German authorities last year, was notorious for trading drugs and hacking services. Parsarad was also sanctioned by the U.S. Treasury the previous month, underscoring the international crackdown on dark web activities.
FTC Reports Americans Lost $470 Million to Text Message Scams
Timestamp: [00:04]
The Federal Trade Commission (FTC) revealed that Americans lost approximately $470 million to text message scams in the past year, a figure likely underrepresented due to unreported cases. Common scam themes include:
- Package delivery notifications.
- Phony job offers.
- Fake fraud alerts.
- Unpaid road toll fees.
This highlights the escalating sophistication of scammers targeting individuals through seemingly legitimate text communications.
FBI Warns of New IC3 Impersonation Scam
Timestamp: [00:04]
The FBI has identified a novel scam where fraudsters impersonate employees of its Internet Crime Complaint Center (IC3). Claire describes the scheme:
“The scammers begin by posing as attractive women on support forums for fraud victims.” ([00:04])
These impostors direct victims to interact with a fake IC3 agent, convincing them that stolen funds can be recovered. Instead, victims fall prey to another layer of deception, further exacerbating their losses.
Kairos Data Extortion Group Leaks Files from Baltimore State Attorney's Office
Timestamp: [00:04]
The Kairos data extortion group has leaked files from the Baltimore State Attorney's office, likely as part of an ongoing extortion attempt. Claire provides insight:
“The small leak is likely part of an ongoing extortion attempt.” ([00:04])
Since emerging publicly in November, Kairos has targeted over 30 organizations, utilizing data leaks as leverage to demand ransoms.
Chinese Cybercrime Group Offers NFC Relay Attack Malware
Timestamp: [00:04]
A Chinese cybercrime faction is renting out access to its Android malware, which automates Near Field Communication (NFC) relay attacks. This malware enables attackers to:
- Withdraw funds from victims’ bank accounts via ATMs.
- Conduct point-of-sale (POS) transactions fraudulently.
This development is part of a growing trend of NFC-capable malware, first observed in Russia last year, demonstrating the expanding arsenal of tools available to cybercriminals.
Chinese Cyber Espionage Group Exposes Attack Tools Due to Server Misconfiguration
Timestamp: [00:04]
A Chinese cyber espionage group inadvertently exposed some of its attack tools due to a server misconfiguration. Claire elaborates:
“The leak contained exploit scripts for Fortinet firewalls and VPNs, PHP web shells and network reconnaissance scripts specific to a major Japanese company.” ([00:04])
Security firm Hunt Intelligence attributes the server to the RedGolf APT group, which is known for embedding backdoors in VPN software such as ViPNet. Although Infotecs, the manufacturer of ViPNet, confirmed that such attacks require prior access to the system, the incident underscores how widely used security tools are themselves targeted.
Asus Patches Vulnerability in AI Cloud-Enabled Routers
Timestamp: [00:04]
Asus has addressed a critical vulnerability affecting its routers equipped with the AI Cloud service. Claire advises users:
“The company said users should disable AI Cloud if they can't install the firmware updates.” ([00:04])
The AI Cloud feature facilitates remote connections to home networks, posing a dual threat where both legitimate users and attackers can exploit this access point.
Google’s Private Proof API to Enhance Bot and Fraud Detection
Timestamp: [00:04]
Google is developing a new web API, Private Proof API, designed to aid websites in identifying bots and preventing online fraud. Unlike traditional methods that rely on cookies, device fingerprinting, or CAPTCHAs, this API utilizes zero-knowledge proofs to verify if a browser profile is suspiciously new, enhancing privacy and security simultaneously.
Discord Trials New Age Verification System
Timestamp: [00:04]
In an effort to regulate access to sensitive content, Discord is testing an age verification system that requires users to scan their faces before viewing such material. Users have the option to opt out and instead verify their age by submitting a scanned photo ID. Currently, this feature is under trial in Australia and the UK, reflecting a broader industry trend towards stricter content access controls.
Conclusion
The April 21, 2025 episode of Risky Bulletin underscores the dynamic and multifaceted nature of cybersecurity threats and responses. From exploitations within popular platforms like Zoom to geopolitical cybersecurity initiatives and legislative changes, the landscape requires continuous vigilance and adaptive strategies. Claire Aird’s comprehensive coverage ensures that listeners are well-informed about the latest developments, equipping them with the knowledge to navigate and safeguard against emerging cyber threats.
For more insights and updates, visit riskybiz.com and stay tuned to the Risky Bulletin podcast series.
