Cybercriminals Spread Malware through Fake Zoom Domains

As more people start working from home in response to the coronavirus pandemic, Zoom’s video conferencing service is becoming increasingly popular. Cybercriminals are taking advantage of this situation and now distribute malware through fake Zoom domains.

Fraudsters register fake “Zoom” domains and create malicious executable files with matching names in an attempt to make people download malware onto their devices.

“Since the start of the pandemic, more than 1,700 fake Zoom domains have been registered, 25% of which have been registered in the last seven days only,” said specialists from Check Point.

The experts found malicious files named “zoom-us-zoom_##########.exe” that install potentially unwanted programs at startup, such as InstallCore, a batch application that installs other types of malware.
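A defender-side triage of the two indicators described above (Zoom lookalike hosts and the `zoom-us-zoom_` file name), as an added example that is not from Check Point or this article. The allowlist, the `.example` hosts and the digits standing in for `##########` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as legitimate; adjust for your environment.
ALLOWED = {"zoom.us", "zoom.com"}
# Assumption: "##########" in the reported name is a variable run of characters.
FILE_RE = re.compile(r"^zoom-us-zoom_.+\.exe$", re.IGNORECASE)
COLLAPSE = re.compile(r"(.)\1+")      # runs of a repeated character
FOLD = str.maketrans("0", "o")        # digit-for-letter swap ("zo0m")

def is_allowed(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ALLOWED)

def looks_like_zoom(host):
    """True when a host imitates the brand but is not under an allowed domain."""
    if is_allowed(host):
        return False
    for label in host.lower().rstrip(".").split("."):
        folded = label.translate(FOLD)
        if "zoom" in folded:
            return True
        # Stretched or shortened spellings ("zooom", "zom") as whole tokens only,
        # so unrelated words such as "zombie" are not flagged.
        if any(COLLAPSE.sub(r"\1", t) == "zom" for t in re.split(r"[-_]", folded)):
            return True
    return False

def triage(url):
    """Return the reasons a download URL deserves analyst review."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if looks_like_zoom(host):
        reasons.append("lookalike-domain")
    filename = parts.path.rsplit("/", 1)[-1]
    if FILE_RE.match(filename) and not is_allowed(host):
        reasons.append("zoom-named-exe-off-domain")
    return reasons

if __name__ == "__main__":
    # Constructed proxy-log URLs, not real indicators.
    for url in ("https://zoom.us.downloads.example/zoom-us-zoom_1234567890.exe",
                "https://files.example/tools/zoom-us-zoom_1234567890.exe",
                "https://zo0m-us.example/join",
                "https://zombie-games.example/setup.exe",
                "https://zoom.us/client/latest/ZoomInstaller.exe"):
        print(url, triage(url))
```

The substring match is a heuristic and will also flag unrelated brands that contain "zoom", so treat hits as candidates for review, not verdicts.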

Cybercriminals are exploiting the panic surrounding the pandemic by every available means; for example, Maze operators attacked a medical company that is testing a vaccine for COVID-19.

Zoom developers have also distinguished themselves by a careless attitude towards user privacy. Earlier it became known that the iOS version of Zoom sent analytics data about users to Facebook.

Specialists at the Motherboard publication analyzed the iOS version of Zoom and found something strange: the application sent analytics data about users to Facebook, even if they were not registered on the social network.

Moreover, the exchange of data took place without notification of Zoom users.

As the analysis of the application showed, once installed and opened on a device, it connected to the Facebook Graph API, the software interface most often used by developers to send and receive data from Facebook. The application notified Facebook each time Zoom was opened, and also reported the device model, the time zone and city from which the connection was made, the name of the service provider, and the unique advertising identifier that the mobile device generates and that companies use for targeted advertising.

“Zoom takes the privacy of its users very seriously. We implemented the authorization function via Facebook using the Facebook SDK in order to provide users with another convenient way to access the platform. However, we recently learned that the Facebook SDK collects optional data about the device. The data collected by the Facebook SDK does not include users’ personal information, but device data, such as type and version of the mobile OS, time zone, device model and carrier, screen size, processor core and disk space,” Zoom representatives said, commenting on the Motherboard publication.

The developers promised to remove the Facebook SDK and reconfigure the function so that users can continue to log in to Zoom through Facebook. Users will need to install the new version of the application on their own.

Recall that last summer a vulnerability in the Zoom video conferencing platform endangered more than 4 million Mac owners. At the same time, the developers of the video platform were in no hurry to fix bugs until users pressed them through the media and social networks.

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.
