With WebMonitor RAT, Zoom brings further concerns for users of online meeting software

Hackers have found yet another way to target work-from-home users: bundling malicious code with the Zoom messaging app.

Yet another threat:

The Zoom app was found bundled with malicious code that infects users with a Remote Access Trojan (RAT).
  • In late April 2020, the legitimate installer of the Zoom app was found bundled with RevCode WebMonitor RAT.
  • The malicious version of the app is available only as third-party or peer-to-peer shared versions of Zoom. The apps available on Zoom’s download center and on official app stores like Google Play Store and Apple App Store were not found to be malicious.
  • This malicious package contains Zoom App version 4.6, while the official app stores now offer the Zoom App version 5.0.

The WebMonitor story:

WebMonitor RAT has its own interesting twist.
  • WebMonitor has been developed as a commercial product by the Sweden-based company ‘Revcode’, which claims it is a legitimate security testing product.
  • At the same time, it is also available for sale on several underground forums on the dark web for €14.99 – €29.99, where it is being marketed as malware.

Other malware associated with Meeting apps:

This is not the first time hackers have tried to take advantage of the boom in meeting apps.
  • In early April 2020, a malicious coinminer script (Trojan.Win32.MOOZ.THCCABO) was found bundled with the legitimate installer of the Zoom app.
  • According to an analysis by Kaspersky, around 120,000 suspicious malware and adware packages were found in the wild within April 2020, masquerading as versions of the video calling app.
  • The same report suggests that Skype is the most targeted brand among all video calling apps, followed by Zoom, WebEx, GoToMeeting, Flock, and Slack.

Staying Safe:

To stay safe from such malicious apps, users should trust only the genuine app stores and avoid all downloads from third-party and P2P networks. Keeping the apps and OS updated can also help avoid the exploitation of known vulnerabilities.