Attackers are taking advantage of the increased popularity of the Zoom video conferencing service to distribute installers that are bundled with malware and adware applications.
As people are spending more time indoors and performing physical/social distancing, many have started using Zoom meetings for remote work, exercise classes, and virtual get-togethers.
Knowing this, threat actors have started distributing Zoom client installers bundled with malware such as Coinminers, Remote Access Trojans, and adware bundles.
Today, TrendMicro reports that they have found a Zoom Installer being distributed that will also install a cryptocurrency miner on the victim's computer.
"We found a Coinminer bundled with the legitimate installer of video conferencing app Zoom, luring users who want to install the software but end up unwittingly downloading a malicious file. The compromised files are not from Zoom’s official download center, and are assumed to come from fraudulent websites. We have been working with Zoom to ensure that they are able to communicate this to their users appropriately."
When installed, this malware will attempt to use your GPU and CPU to mine for the Monero cryptocurrency, which will cause your computer to become slower, potentially overheat, and potentially damage the hardware in your computer.
Other Zoom client installers found by BleepingComputer are being distributed with unwanted software bundles or Remote Access Trojans.
For example, one Zoom installer targets German users with other unwanted "offers" along with the Zoom client.
Another malicious Zoom Installer will install the njRAT Remote Access Trojan, otherwise known as Bladabindi, that will give the attacker full access to the infected victim's computer.
This would allow the attacker to steal your data, take screenshots with your webcam, or execute commands to download and install other malware.
Because most of these malware samples ultimately install the Zoom client, users are not aware that other malicious applications were installed on their computer as well.
To prevent this, always download the Zoom client from the official Zoom download section or when prompted by a Zoom meeting invite on the Zoom.us site.
Downloading from any other location greatly increases the chance that you will become infected.
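One way to enforce the download advice in a script or mail/proxy filter, as an added example that is not part of the original article: accept an installer link only if it uses HTTPS and its host is zoom.us or a subdomain of it. Treating every zoom.us subdomain as official is an assumption, and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: zoom.us (the site named in the article) and its subdomains
# are the only hosts treated as official download locations.
OFFICIAL_DOMAIN = "zoom.us"


def is_official_zoom_url(url: str) -> bool:
    """Return True only for https URLs hosted on zoom.us or a subdomain."""
    # Browsers treat "\" like "/", while urlsplit does not; reject it so a
    # link cannot be parsed as one host here and another host in the browser.
    if "\\" in url:
        return False
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname   # lower-cased, with userinfo and port removed
        _ = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")     # "zoom.us." is the same name as "zoom.us"
    # Exact match or a true subdomain; a plain suffix test on "zoom.us"
    # would also accept lookalikes such as "notzoom.us".
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


# Constructed sample links, not taken from the article.
SAMPLE_URLS = [
    "https://zoom.us/download",
    "https://ZOOM.US:443/client/ZoomInstaller.exe",
    "http://zoom.us/download",                      # not HTTPS
    "https://zoom.us.downloads.example/Zoom.exe",   # official name as a prefix
    "https://zoom.us@files.example/Zoom.exe",       # official name as userinfo
    "https://notzoom.us/Zoom.exe",                  # suffix lookalike
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print("OK  " if is_official_zoom_url(u) else "DENY", u)
```

A passing check says only that the link points at the official site; it says nothing about a file that has already been downloaded from somewhere else.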