
These fake Zoom websites want to trick you into downloading malware

If you’re looking to download the video conferencing platform Zoom, make sure you double-check the internet address you’re downloading from, because there are plenty of fake websites out there spreading all kinds of nasty viruses and malware.

Researchers from Cyble have been investigating reports of a widespread campaign targeting potential Zoom users, and have so far uncovered six fake install sites that host various infostealers and other malware variants.

One of the infostealers uncovered was Vidar Stealer, capable of stealing banking information, stored passwords, browser history, IP addresses, details about cryptocurrency wallets and, in some cases, MFA information, as well.

Multiple campaigns

"Based on our recent observations, [criminals] actively run multiple campaigns to spread information stealers," the researchers said. "Stealer Logs can provide access to compromised endpoints, which are sold on cybercrime marketplaces. We have seen multiple breaches where stealer logs have provided the necessary initial access to the victim's network."

The six sites uncovered are zoom-download[.]host, zoom-download[.]space, zoom-download[.]fun, zoomus[.]host, zoomus[.]tech, and zoomus[.]website and, according to The Register, are still operational.

Visitors are redirected to a GitHub URL listing the applications they can download. If the victim chooses the malicious one, two binaries are dropped in the temp folder: ZOOMIN-1.EXE and Decoder.exe. According to the researchers, the malware also injects itself into MSBuild.exe and pulls the IP addresses hosting its DLLs, as well as configuration data.

"We found that this malware had overlapping Tactics, Techniques, and Procedures (TTPs) with Vidar Stealer," the researchers wrote, adding that, like Vidar Stealer, "this malware payload hides the C&C IP address in the Telegram description. The rest of the infection techniques appear to be similar."

The best way to avoid this malware is to double-check where you’re getting your Zoom programs from.
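For defenders, "double-check where the download came from" can be turned into a log sweep. The example below is added here and is not Cyble's or TechRadar's code: it re-fangs the six domains named above as indicators, assumes `zoom.us` and `zoom.com` as the official download domains, and runs a constructed proxy-log sample through a check that flags both the reported domains and any other Zoom-themed host that is not official.

```python
import re
from urllib.parse import urlsplit

# The six lookalike domains named in the article (defanged there, re-fanged here for matching).
REPORTED_LOOKALIKES = {
    "zoom-download.host", "zoom-download.space", "zoom-download.fun",
    "zoomus.host", "zoomus.tech", "zoomus.website",
}
# Assumption: the official domains from which Zoom downloads are expected.
OFFICIAL_ZOOM_DOMAINS = {"zoom.us", "zoom.com"}
# Constructed proxy log line format: "<timestamp> <client_ip> <method> <url>".
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def under_domain(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify_host(host):
    """Classify a hostname as 'reported', 'official', 'lookalike' or 'other'."""
    host = host.lower().rstrip(".")
    if under_domain(host, REPORTED_LOOKALIKES):
        return "reported"        # exact indicator from the campaign
    if under_domain(host, OFFICIAL_ZOOM_DOMAINS):
        return "official"
    if "zoom" in host:
        return "lookalike"       # Zoom-themed host that is not official: review it
    return "other"

def flag_suspicious_downloads(log_lines):
    """Return (client_ip, host, verdict) for each Zoom-themed host that is not official."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue               # skip malformed lines rather than abort the sweep
        _ts, client_ip, _method, url = m.groups()
        host = urlsplit(url).hostname or ""
        verdict = classify_host(host)
        if verdict in ("reported", "lookalike"):
            findings.append((client_ip, host, verdict))
    return findings

# Constructed sample log lines, not taken from the article.
SAMPLE_LOG = [
    "2022-09-12T10:01:02Z 10.0.0.5 GET https://zoom.us/client/latest/ZoomInstaller.exe",
    "2022-09-12T10:03:44Z 10.0.0.7 GET https://zoom-download.host/download",
    "2022-09-12T10:05:10Z 10.0.0.9 GET https://cdn.zoomus.tech/ZoomInstaller.exe",
    "2022-09-12T10:06:30Z 10.0.0.4 GET https://zoom-setup.example/install",
]
```

The "lookalike" verdict is a heuristic for triage, not a block decision; the reported domains are the only hard indicators the article provides.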

Via: The Register



Source: TechRadar
