Botnets Playing Peekaboo in Fake Zoom Installers

Two malware samples have been discovered that pose as Zoom installers but instead contain backdoor and botnet capabilities.

What is happening

Cybercriminals are not letting go of any opportunity to take advantage of the global pandemic. With employees working remotely, attackers are leveraging collaboration platforms to spread malware. The malicious fake installers have been found to contain backdoor capabilities; notably, they are spread through unofficial distribution channels rather than Zoom's own.

The malware variants

  • One sample has backdoor capabilities that enable the actors to gain remote access.
  • The other installs the Devil Shadow botnet on compromised devices.

Security concerns regarding Zoom

This is not the first time that Zoom has faced threats endangering user privacy and security.
  • Last month, Zoom was found to be riddled with critical security bugs.
  • According to some reports, Zoom did not provide end-to-end encryption, making user calls vulnerable.
  • Zoom was also caught sending data to Facebook for advertisement purposes.
  • In another malware campaign, Zoom was repackaged with WebMonitor RAT.

What experts are saying

  • Security researchers have dubbed Zoom a privacy disaster and fundamentally corrupt due to the alleged mishandling of data by the company.
  • Zoom has also been criticized for its attention tracking feature that permits a host to see if a user clicks away from a Zoom window for 30 seconds or more.

Worth noting

  • The malware payload carrying Devil Shadow is bundled with a copy of the official Zoom installer to deceive victims.
  • The tampered installer drops the malicious code and an archive, along with the commands used for communication and persistence.

In essence

Remote workers are highly prone to phishing emails during the lockdown, with hackers aiming to steal data. Although most workers like working from home, security measures need to be improved.