Hackers bundling malicious files inside legitimate Zoom installers

Security researchers have discovered that hackers are now bundling malware with legitimate installers of the video conferencing service Zoom to infiltrate the devices of users downloading the app.

Zoom, which has been among the most popular video conferencing services worldwide, recently saw an astronomical rise in worldwide adoption thanks to lockdowns imposed in a large number of countries due to the COVID-19 outbreak.

Researchers at security firm Trend Micro recently discovered that cyber criminals are now trying to exploit the global demand for video conferencing services to target as many devices as possible by hijacking legitimate video conferencing solutions.

The researchers noticed that hackers are now trying to bundle malicious cryptocurrency-mining files with the legitimate Zoom installer to infect devices. “We found a Coinminer bundled with the legitimate installer of video conferencing app Zoom, luring users who want to install the software but end up unwittingly downloading a malicious file. The compromised files are not from Zoom’s official download center, and are assumed to come from fraudulent websites,” they said.

Furthermore, they mentioned that the sudden rise in demand for conferencing solutions did not give service providers enough time to secure their applications and hackers are taking advantage of emerging security flaws. “The sudden need to transition to a work-from-home setup left enterprises with little time to ramp up security measures to ensure that it fits the requirements demanded by remote work. It also exposes businesses to possible compromise due to threat actors abusing tools like video conferencing apps to propagate malware.”

“Users are advised to only download installers from applications’ official websites to avoid such compromise. Users should also follow best practices for securing work-from-home setups. A multilayered protection approach is also recommended to effectively detect and block threats regardless of where they are in the system,” the researchers added.

Organisations must run endpoint detection software across all systems to detect malware

Commenting on cyber criminals exploiting the increasing demand for remote working solutions, Marcus Moreno, manager of threat research at Webroot, told TEISS that “as businesses scurried to set up their employees to work from home, Zoom has quickly risen as the easy, go-to platform for video conferencing. It’s not surprising to see this trend. As with any major current event, malicious actors observe this as a lure opportunity. I'd expect to see this trend continue not only for Zoom, but also for any other platform or site that has seen an increase of traffic or use as a result of this pandemic.”

Javvad Malik, Security Awareness Advocate at KnowBe4, said that like many attacks, the criminals are favouring a social engineering ploy in order to trick unsuspecting users into installing a malware-laden version of the software. It serves as a stark reminder as to why security awareness and training is more important than before with remote users being targeted more than before.

"It's vital that users are aware of the threats of phishing and the correct process to follow in order to get any form of software. Users should refer to their IT teams when in doubt as to the official sources to download any software, and report any suspected phishing emails," he added.

According to Marco Essomba, founder of BlockAPT, millions of workers that have been rushed home to work remotely in the face of this pandemic are still coming to terms with the new cyber threats that face them. And adversaries know it. Not only is there uncertainty about how to defend against it, but who is responsible for doing so.

"Organisations should implement an extra layer of protection by running an endpoint detection software across all devices. This will provide protection against unauthorised malware and other types of malicious programs from executing on employee devices. From the perspective of the individual user, keeping your Zoom software updated with the latest version and patches mitigates against most of these threats," he added.
