If you want to download the video conferencing platform Zoom, make sure you double-check the internet address you are downloading from, as there are many fake websites that spread all kinds of nasty viruses and malware.
Cyble researchers have investigated reports of a widespread campaign targeting potential Zoom users, uncovering six fake installer pages hosting various infostealers and other malware variants.
One of the infostealers uncovered was Vidar Stealer, which is capable of stealing banking information, saved passwords, browsing history, IP addresses, cryptocurrency wallet details, and in some cases, MFA information as well.
“Based on our recent observations [criminals] are actively running multiple campaigns to spread information thieves,” the researchers said. “Stealer logs can provide access to compromised endpoints that are sold on cybercrime marketplaces. We have seen multiple security breaches where stealer logs provided the necessary initial access to the victim’s network.”
The six revealed pages are Zoom downloads[.]Host, Zoom download[.]Space, Zoom Download[.]fun, zoomus[.]Host, Zoomus[.]Tech and Zoomus[.]website and, according to The Register, are still in operation.
Visitors would be redirected to a GitHub URL showing which applications they can download. If the victim chooses the malicious one, they will get two binaries in the temporary folder: ZOOMIN-1.EXE and Decoder.exe. The malware also injects itself into MSBuild.exe and pulls IP addresses hosting the DLLs and configuration data, it said.
“We found that this malware overlaps in tactics, techniques and procedures (TTPs) with Vidar Stealer,” the researchers wrote, adding that “like Vidar Stealer, this malware payload hides the C&C IP address in the Telegram description. The rest of the infection techniques appear to be similar.”
The best way to avoid this malware is to double check where you get your Zoom programs from.
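For defenders, the infection chain described above (two binaries in the temporary folder, then activity from MSBuild.exe) can be turned into a simple triage pass over endpoint telemetry. The following is an added example, not code from Cyble or the original article; the event schema, the allow-listed build parents and the idea that MSBuild.exe appears as a child of the dropped binary are assumptions, and the sample events are constructed.

```python
import ntpath

# File names reported on the page (compared case-insensitively).
DROPPED_NAMES = {"zoomin-1.exe", "decoder.exe"}
# Assumption: parents that legitimately launch MSBuild.exe in this environment.
BUILD_PARENTS = {"devenv.exe", "dotnet.exe"}

def in_temp(path):
    """True if a Windows path has a directory component named Temp."""
    parts = path.lower().replace("/", "\\").split("\\")
    return "temp" in parts[:-1]

def triage(events):
    """Return (index, reason) for events that match the described chain."""
    hits, suspect_pids = [], set()
    for i, ev in enumerate(events):
        name = ntpath.basename(ev["image"]).lower()
        if ev["type"] == "process":
            parent = ntpath.basename(ev["parent"]).lower()
            if name in DROPPED_NAMES and in_temp(ev["image"]):
                hits.append((i, "dropped binary run from temp folder"))
            elif name == "msbuild.exe" and parent not in BUILD_PARENTS:
                suspect_pids.add(ev["pid"])  # remember for later network events
                hits.append((i, "MSBuild.exe started by unexpected parent"))
        elif ev["type"] == "network" and ev["pid"] in suspect_pids:
            hits.append((i, "outbound connection from suspect MSBuild.exe"))
    return hits

TEMP = r"C:\Users\alice\AppData\Local\Temp"
MSBUILD = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
EXPLORER = r"C:\Windows\explorer.exe"
# Constructed sample events (not real telemetry); IPs are documentation addresses.
SAMPLE = [
    {"type": "process", "pid": 100, "image": r"C:\Program Files\Zoom\bin\Zoom.exe", "parent": EXPLORER},
    {"type": "process", "pid": 200, "image": TEMP + r"\ZOOMIN-1.EXE", "parent": EXPLORER},
    {"type": "process", "pid": 201, "image": TEMP + r"\Decoder.exe", "parent": TEMP + r"\ZOOMIN-1.EXE"},
    {"type": "process", "pid": 300, "image": MSBUILD, "parent": TEMP + r"\Decoder.exe"},
    {"type": "network", "pid": 300, "image": MSBUILD, "dest": "203.0.113.10"},
    {"type": "process", "pid": 400, "image": MSBUILD, "parent": r"C:\Program Files\dotnet\dotnet.exe"},
    {"type": "network", "pid": 400, "image": MSBUILD, "dest": "203.0.113.20"},
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE):
        print(idx, SAMPLE[idx]["image"], "->", reason)
```

File names are easy for an attacker to change, so the MSBuild.exe parent and network checks are the more durable part of this heuristic.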
Via: The Register
https://www.techradar.com/news/these-fake-zoom-websites-want-to-trick-you-into-downloading-malware These fake Zoom websites want to trick you into downloading malware