Zoom Users Fall Victim to Personal Data Stealing Malware, Research Says

News and Analysis
22.05.2020

Cybercriminals continue to invent new methods to get access to users’ personal information following popular trends in the corporate world. Researchers from Trend Micro have found two new malware files disguised as installers for Zoom, a video communications app that has seen extreme demand from users around the world following the spread of the coronavirus pandemic.

With companies being forced to temporarily close their offices and let staff work from home, they have turned to video calls to communicate with their colleagues. Moreover, some people even began organizing weddings, yoga classes, educational courses, and other events on the app.

Remote Execution of Commands at Any Given Point

The global admiration for Zoom has brought about bad actors taking advantage of it and developing new ways to infect users’ computer systems. Once downloaded and installed, one of the malicious files that mimics the Zoom installer sets up a backdoor that enables criminals to initiate malicious processes remotely.

“Looking into the disassembled functions of the added notification registry, it showed that the strings contained configurations and values used to notify the command and control server that the email has been set up, credentials of the user have been stolen, and flag the infected machine as ready for access,” the analysis further explained.

The other file installs the so-called Devil Shadow botnet in devices. The Devil Shadow botnet contains malicious commands. The malware continues running on the system even after the installation and is programmed to take screenshots of the user’s desktop and active windows. Also, it scans the system for any connected webcams.

The malware sends stolen data to the command and control server every 30 seconds.

The authors of the analysis warn that the malicious files disguised as Zoom installers do not relate to Zoom’s official installation distribution channels, they come from untrusted sources. Additionally, it takes more time for fake versions to run as they extract the malicious components before launching Zoom.

Other Security Concerns Surrounding Zoom

This is not the first time for security issues to circulate around the popular application. Last month, an array of debilitating bugs were pointed out by cybersecurity researcher Patrick Wardle.

According to Wardle, the exploits he managed to uncover allowed attackers to exploit Zoom’s installer to basically hijack a user’s Mac. That could allow the attacker to record all Zoom calls or even access the user’s mic and cam at any moment.

Moreover, some reports claimed that Zoom did not, in fact, provide end-to-end encryption, which had made all user calls vulnerable. What’s even more egregious is that Zoom was caught sending data to Facebook for advertising purposes.

Meanwhile, a new study by business software site Capterra revealed that remote workers have also become greatly exposed to phishing emails during the lockdown, with hackers aiming to steal users’ passwords. Capterra pointed out that “despite the majority of workers stating they are pleased with working from home, the adoption of security measures still has room for improvement.”

Written by Ana Alexandre

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

Found a typo? Highlight text and press CTRL+ENTER

Subscribe to our Newsletter

<

Related posts

Tags: , ,