If you want to download a video conference (opens in a new tab) Platform zoom, make sure you double check the web address you are downloading from as there are many fake websites spreading all kinds of nasty viruses and malware.
Cyble researchers investigated reports of a widespread campaign targeting potential Zoom users, and thus discovered six fake installation sites that host various information-stealers and other malware variants.
One of the information thieves detected was Vidar Stealer, capable of stealing banking information, stored passwords, browser history, IP addresses, cryptocurrency wallet details, and in some cases MFA information as well.
Multiple campaigns
“Based on our recent observations [criminals] actively conduct many campaigns to disseminate information thieves ”- scientists He said (opens in a new tab). “Thief logs can provide access to compromised endpoints that are traded in cybercrime markets. We have seen many violations where the thief’s logs provided the necessary initial access to the victim’s network. “
The six sites I discovered are zoom-download[.]host; zoom-download[.]space, zoom-download[.]fun, zoomus[.]host, zoomus[.]technique and zoomus[.]website and according Registerstill working.
Visitors would be redirected to a GitHub URL which shows which apps they can download. If the victim selects malicious, they will receive two binaries in the temp folder: ZOOMIN-1.EXE and Decoder.exe. This malware also injects itself into MSBuild.exe and retrieves the IP addresses of hosting DLLs as well as configuration data as it was said.
“We found this malware has overlapping tactics, techniques and procedures (TTP) from Vidar Stealer,” the researchers wrote, adding that like Vidar Stealer, “this malware hides a C&C IP address in Telegram’s description. infection techniques seem to be similar. “
The best way to avoid this malware is to double check where you are getting the Zoom programs from.
By: Register (opens in a new tab)