May 15, 2025
The Rise of Elusive Comet Attacks on Zoom: A New Threat for Crypto Professionals and Investors

In today's digital environment, collaboration often starts with a meeting link. The platforms we use to connect have become the new foundation for professional relationships, partnerships, and transactions.
As these platforms become central to business and investment activity, they also create new opportunities for attackers. One of the latest threats, known as "Elusive Comet," exploits Zoom’s common collaboration features to gain unauthorized access and extract sensitive information during virtual meetings.
What Is ‘Elusive Comet’ and How It Turns Zoom’s Standard Feature into a Vulnerability
Elusive Comet is a scam campaign targeting crypto professionals and investors through fake Zoom meetings using social engineering tactics to gain remote access to victims' devices.
According to BleepingComputer, the attackers behind Elusive Comet are impersonating journalists, investors, and podcast producers to lure crypto professionals into fake Zoom meetings. During these sessions, they convince participants to share their screen and grant remote control access, a feature that was primarily designed as a collaborative tool.
Once remote access is granted, attackers can move freely through the victim’s device — browsing sensitive folders, accessing crypto wallets, viewing confidential documents, and in some cases, silently planting malware that compromises the system even after the meeting ends.
Trail of Bits also reported that some attackers change their display name to "Zoom" during meetings, so that remote control requests appear to be system notifications rather than actions from another participant. This makes it difficult to recognize the threat in time.

Fake Meetings Through Elusive Comet Attacks
Confirmed Cases and Types of Damage
While Elusive Comet primarily targets professionals working in the cryptocurrency sector, public reports so far confirm two major known cases.
The first involved Dan Guido, CEO of Trail of Bits, who received a fraudulent Zoom invitation under the false pretense of a Bloomberg Crypto interview. Fortunately, in this case inconsistencies such as the use of unofficial Calendly links and Gmail addresses were identified before any remote access was granted.
However, the second case, involving Emblem Vault's CEO, resulted in real financial losses. Jake Gallen accepted a Zoom meeting that ultimately led to remote access being granted. Attackers reportedly installed malware during the session, accessed connected wallets, and exfiltrated sensitive credentials — resulting in the theft of over 75% of his cryptocurrency assets. In addition to the crypto theft, personal accounts including Gmail and Twitter (X) were also compromised, indicating that the damage extended beyond financial losses alone.
Although only a few public cases have been disclosed, the tactics used in these incidents suggest that the actual number of affected individuals could be higher — particularly within industries where digital assets and remote communication are central to daily operations.
How to Keep Yourself and Your Organization EXTRA SAFE from Remote Access Attacks
With Elusive Comet actively exploiting trust inside everyday communication tools, relying on default settings or casual habits is no longer enough.
Adopting a few precise security practices can significantly reduce the risk of unauthorized access, keeping sensitive information and digital assets under your control.
Never accept remote control requests unless you have personally and independently verified the other participant.
Minimize screen sharing: share specific windows instead of full desktop views. Close wallets and sensitive applications before meetings.
Double-verify unexpected meeting invitations: Confirm through official email, known contacts, or direct channels before joining.
Train your team and collaborators to recognize and treat remote control requests as critical security decisions, not routine.
Schedule meetings through online conferencing platforms built for privacy: Use extrasafe.chat for unexpected meetings or confidential conversations.
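The invitation checks above can be partly automated. The following is an added example, not code from the original article or from any vendor: it triages a raw invitation e-mail for the inconsistencies named in the confirmed cases (a free-mail sender, a third-party scheduling link, and a claimed organisation that does not match the sender's domain). The domain lists, the organisation map and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article): these lists are
# illustrative and incomplete; extend them for your own organisation.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}
SCHEDULERS = {"calendly.com"}
KNOWN_ORGS = {"bloomberg": "bloomberg.com"}  # claimed organisation -> official domain

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)(/[^\s>\"]*)?")

def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage_invite(raw_email):
    """Return a list of findings for an invitation; an empty list means nothing flagged."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    # Only plain single-part bodies are inspected in this example.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    findings = []
    for org, official in KNOWN_ORGS.items():
        if org in text and not host_matches(sender_domain, official):
            findings.append(f"claims {org} but sender domain is {sender_domain}")
    if sender_domain in FREE_MAIL:
        findings.append(f"free-mail sender: {sender_domain}")
    for host, _path in URL_RE.findall(body):
        if any(host_matches(host, s) for s in SCHEDULERS):
            findings.append(f"third-party scheduling link: {host.lower()}")
    return findings

# Constructed sample message (not a real captured invitation).
SAMPLE = """\
From: "Bloomberg Crypto" <producer.example@gmail.com>
To: target@example.org
Subject: Interview invitation

Hi, we'd love to have you on the show. Pick a slot:
https://calendly.com/example-producer/interview
"""

if __name__ == "__main__":
    for finding in triage_invite(SAMPLE):
        print("FLAG:", finding)
```

A flagged invitation should still be confirmed through an independent channel; an empty result only means none of these specific checks fired.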

EXTRA SAFE features
About #EXTRASAFEcheck:
New security risks pop up every day, spreading faster than ever. From AI flaws to data leaks, even the most popular apps can pose hidden threats, affecting both teams and individual users. That’s why our monthly review brings you the most important updates to keep you informed and protected. Follow #EXTRASAFEcheck to spot risks early and make safer online choices.