Rewterz Threat Alert – Hackers Start Capitalizing on Zoom’s Success to Spread Malware Amid Covid-19

Severity

Medium

Analysis Summary

With the world in complete lockdown, and more people working from home, using online communication platforms such as Zoom to communicate with their peers, cybercriminals are taking advantage of the spike in usage by registering new fake “Zoom” domains and malicious “Zoom” executable files in an attempt to trick people into downloading malware on their devices. There has been a major spike of 25 percent of registered domains of Zoom in past seven days. 

This indicates that the cyber criminals have noticed the increasing demand of the Zoom along with the opportunity to exploit, lure the users and make the maximum out of this global pandemic. It has been noticed that the links shared to the users can be shoddy and it is advised to take a hard look to make sure it’s not a trap. 

With over 13 million monthly active users, Zoom is one of the most popular cloud-based enterprise communication platforms that offers chat, video and audio conferencing, and options to host webinars and virtual meetings online, and it has emerged the most successful online communication tool all around the world in this global pandemic. 

There has been a long list of corona related malware theme attacks going on and now the threat actors are capitalizing on the situation by registering Zoom domains like “zoom-us-zoom_##########.exe,” which when executed, installed potentially unwanted programs (PUPs) such as InstallCore, a dodgy bundleware application that’s known to install other kinds of malware.

Impact

• Information theft
• Installation of unwanted programs
• Exposure of sensitive data.

Affected Vendors

Zoom

Remediation

• Keep your applications up-to dated.
• Always look out for emails with spelling errors and mistakes.
• Never click on the links/attachments sent by unknown senders.
• Always be suspicious about emails sent by unknown senders.