barabazs
@barabazs.eth
On Tuesday, a group of hackers reached out to my friend and co-founder @bax via DM, pretending to be a journalist. They were attempting to hack him on a Zoom call using a clever method that has already been used to steal millions of dollars. Learn details of the attack and how to protect yourself🧵

First he looked into Benson Toti and learned the real Benson is in Nigeria, so he quickly realized this was a scam -- likely the campaign dubbed "ELUSIVE COMET" by SEAL. He enlisted the help of G9Agent who pretended to be him in order to bait them. https://www.securityalliance.org/news/2025-03-elusive-comet

The way the hack starts is they engage the victim in a detailed conversation. They do their homework and come prepared, asking engaging questions. If you recognize their voices, please let us know. (Pro-tip: journalist using a cat smoking a cigarette as his avatar🚩🚩🚩)

Coincidentally, he did an interview for a podcast about ELUSIVE COMET which was published earlier that day. I'm guessing during the call they glanced at my feed and noticed his posts about THEM. 2 min into the call they ended it and blocked him on X https://x.com/ClickHereShow/status/1932436172216606785

Unfortunately, we didn't get that far, but normally they engage targets in lengthy conversations. Once the target is feeling comfortable and lets their guard down, the hackers ask them to share their screen. If you look closely at the video, you'll notice a user named "Zооm"...

Using a user named "Zооm", they request remote control of the target's desktop. Their hope is that their target reflexively clicks "approve". A user named Zoom is supposed to trigger red warning text. In testing, I was able to evade it by using Cyrillic о instead of Latin o.

Once they have remote control of your desktop, it's GAME OVER. They immediately install malware, steal your crypto, and can gain access to all your data/accounts. Disabling remote control in Zoom will protect against this specific vector but they will likely find other ones.
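
A defensive check for the look-alike display name described in this thread, as an added example that is not part of the original posts and not Zoom's own logic: it folds a participant name to the string a reader would perceive and flags names that read as "Zoom" but are spelled with non-Latin letters. The `CONFUSABLES` map, the `PROTECTED` set and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, minimal look-alike map. A real deployment should load the full
# Unicode confusables data (UTS #39) instead of this short list.
CONFUSABLES = str.maketrans({
    "\u043e": "o", "\u041e": "O",  # Cyrillic o / O
    "\u03bf": "o", "\u039f": "O",  # Greek omicron
    "\u041c": "M", "\u039c": "M",  # Cyrillic / Greek capital M look-alikes
    "\u0396": "Z",                 # Greek capital Zeta
})
PROTECTED = {"zoom"}  # assumption: names that should never belong to a participant


def skeleton(name):
    """Fold a display name to the ASCII string a human would read it as."""
    folded = unicodedata.normalize("NFKC", name).translate(CONFUSABLES)
    return "".join(c for c in folded.casefold() if c.isalnum())


def scripts(name):
    """Scripts of the letters in the name, taken from Unicode character names."""
    found = set()
    for c in unicodedata.normalize("NFKC", name):
        if c.isalpha():
            found.add(unicodedata.name(c, "UNKNOWN").split()[0])
    return found


def classify(name):
    """Return 'reserved', 'lookalike', 'mixed-script' or 'ok' for a display name."""
    used = scripts(name)
    if skeleton(name) in PROTECTED:
        # Reads as the product name: plain Latin, or spelled with look-alikes.
        return "reserved" if used <= {"LATIN"} else "lookalike"
    if len(used) > 1:
        # Letters from several scripts in one name are rare in legitimate names.
        return "mixed-script"
    return "ok"


if __name__ == "__main__":
    # Constructed sample names: Latin, Cyrillic-o spoof, mixed, fully Cyrillic.
    for sample in ["Zoom", "Z\u043e\u043em", "Ali\u0441e", "\u0410\u043d\u043d\u0430"]:
        print(repr(sample), classify(sample))
```

A name written entirely in one non-Latin script is reported as `ok`, so the check does not penalise participants whose real names are not Latin.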