With WebMonitor RAT, Zoom brings further concerns for users of online meeting software
Hackers have found yet another way to target work-from-home users: bundling malicious code with the Zoom messaging app.
Yet another threat:
The Zoom app was found bundled with malicious code that infects users with a Remote Access Trojan (RAT).
- In late-April 2020, the legitimate installer of the Zoom app was found bundled with RevCode WebMonitor RAT.
- The malicious version of the app is distributed only through third-party sites or peer-to-peer shared copies of Zoom. The apps available from Zoom’s download center and from official app stores such as Google Play Store and Apple App Store were not found to be malicious.
- This malicious package contains Zoom App version 4.6, while the official app stores now offer the Zoom App version 5.0.
The WebMonitor story:
WebMonitor RAT has its own interesting twist.
- WebMonitor has been developed as a commercial product by the Sweden-based company ‘Revcode’, which claims it is a legitimate security testing product.
- At the same time, it is also available for sale on several underground forums on the dark web for €14.99 – €29.99, where it is marketed as malware.
Other malware associated with meeting apps:
This is not the first time hackers have tried to take advantage of the boom in meeting apps.
- In early April 2020, a malicious coinminer script (Trojan.Win32.MOOZ.THCCABO) was found bundled with the legitimate installer of the Zoom app.
- According to an analysis by Kaspersky, around 120,000 suspicious malware and adware packages were found in the wild in April 2020, masquerading as versions of the video calling app.
- The same report suggests that Skype is the most targeted brand among all video calling apps, followed by Zoom, WebEx, GoToMeeting, Flock, and Slack.
To stay safe from such malicious apps, users should trust only the genuine app stores and avoid all downloads from third-party and P2P networks. Keeping apps and the OS updated can also help avoid the exploitation of known vulnerabilities.