The coronavirus-led lockdown has forced people to work from home. Remote working involves using a variety of video-conferencing and communication tools such as Zoom or Microsoft Teams. This has given cybercriminals the perfect opportunity to step up their malicious activities.
That’s why Zoom has been actively targeted by hackers over the past few weeks. These attacks involve Zoombombing or spreading malware hidden in fake Zoom apps. And now, Trend Micro has identified yet another attack campaign targeting Zoom users.
According to Trend Micro cybersecurity researchers, cybercriminals are using malicious Zoom installers to distribute RevCode WebMonitor RAT (remote access tool). However, researchers have confirmed that these installers, although authentic, don’t come from official sources such as Google Play, Apple App Store, or Zoom’s official download center.
The infected Zoom installers are available on third-party websites, and victims are sent malicious links via phishing emails. This campaign is somewhat similar to another campaign that was discovered in April. In that campaign, legitimate Zoom installers were used to infect devices with a cryptocurrency miner.
In the new campaign, cybercriminals have repackaged authentic Zoom installers with WebMonitor RAT. When someone downloads ZoomInstaller[.]exe, which contains an uninfected Zoom installer version 4.6 and the malicious RevCode WebMonitor RAT, the device gets infected with the RAT.
Amid rising concerns over the use of Zoom for remote working, Zoom has updated its software to version 5.0, which is touted to be far superior to the older versions in terms of privacy and security.
If you use Zoom, make sure it’s updated to the latest version, and only use legitimate distribution channels like Google Play to download Zoom. Moreover, install authentic antivirus software and scan your device with it.