A new cybercrime campaign dubbed “Elusive Comet” is gaining speed. In particular, it’s aimed at professionals working in the growing cryptocurrency space, with Zoom being the cybercriminals’ primary attack vector. The campaign has to date inflicted more than 9 billion dollars in financial damages on its victims. This case sheds light on the growing dangers of relying on remote communication tools.
Jake Gallen, CEO of Emblem Vault, experienced the effectiveness of Elusive Comet firsthand when he lost over $100,000 in digital assets. What made this attack particularly notable was that the Zoom call used to carry it out included a YouTube creator with more than 90,000 subscribers on that platform.
In the course of that attack, Gallen unwittingly installed a backdoor file on his own computer. Unfortunately, this oversight opened the door for attackers to access his digital assets. SEAL Org worked together with Gallen to retrieve the malware file, and subsequently used it to take a deeper dive into the Elusive Comet campaign.
The Elusive Comet campaign described above illustrates how threat actors use legitimate platforms, such as Zoom, to evade security controls.
"The malicious use of legitimate software is a growing trend we’ve continued to see in 2025. In this case, threat actors are leveraging legitimate Zoom and Calendly links to bypass security controls. As trusted domains, their use in this attack makes it more difficult to detect and block." - Max Gannon
In order to stop Elusive Comet attacks, researchers recommend using strong two-factor authentication. They further recommend looking beyond Zoom, advocating for other communication channels like Google Meet.
Applying application controls and limiting overexposure for high-risk applications like Zoom goes a long way toward reducing risk. From a technical standpoint, disabling Zoom's remote control feature can help prevent attackers from gaining remote control of a user's system.
Elusive Comet's effectiveness is illustrated by Jake Gallen's experience, where a seemingly innocuous Zoom call led to a substantial financial loss. This campaign is an important reminder of the need for vigilance and strong security practices in our ever-evolving digital landscape.