Due to the ongoing coronavirus pandemic, the world has shifted towards video conferencing to socialize with friends or to study. Zoom is one of the most famous video conferencing applications, and it is committed to providing safety, security, and privacy to its users. Hackers were able to spread malware through a fake Zoom downloader to gain a remote connection to their victims.
People worldwide are suffering because of the coronavirus pandemic and the lockdowns. In this situation everyone wants to stay safe and secure, so people have committed to working remotely. While they are stuck in their homes, they can still stay connected to relatives and co-workers through video conferencing software such as Google Meet, Skype, and Zoom. Cybercriminals are taking advantage of this situation and attacking remote workers by planting a backdoor in a Zoom downloader. Users who take care to download Zoom from official sources stay safe and secure.
People are committed to working from home, and that is the need of the hour. Researchers at the cybersecurity company “Trend Micro” detected that attackers tried to infect remote workers by installing the RevCode WebMonitor RAT.
Furthermore, the researchers were concerned that the downloads came from malicious third-party websites; Zoom’s own download center and the official app stores do not distribute any compromised software. Victims are worried about the malicious downloads, which cybercriminals send in phishing emails and other messages.
As soon as the malicious file was downloaded, the attackers succeeded in gaining access to the Zoom video conferencing software as well as to the WebMonitor remote access tool. Additionally, the malicious file established a backdoor through which the cybercriminals can access the user’s personal information, for example by:
- Recording webcam streams
- Taking screenshots
The cybercriminals can therefore also monitor all activity on the infected system.
WebMonitor is a remote monitoring service operated through a web browser, and it terminates itself when it runs in a virtual environment. The RAT (Remote Administration Tool) has been available on underground forums since mid-2017 and also provides remote monitoring services.
If the installed version of the Zoom software did not work, that would indicate that something was wrong. The cybersecurity researchers noted that Zoom version 4.6 is a sign of a malicious file. The official Zoom software is at version 5.0, so the version used in the attack is now out of date. The cybercriminals set their sights on the Zoom video conferencing software because it became popular among remote workers within a few months. The malware was hidden inside a downloader for legitimate software, and that is the strategy the cybercriminals used for the attack.
To stay safe, users should make sure before downloading that they are getting Zoom from a valid, official source.