{"id":8840,"date":"2020-05-22T02:22:34","date_gmt":"2020-05-21T23:22:34","guid":{"rendered":"https:\/\/forklog.media\/?p=8840"},"modified":"2020-05-23T00:16:45","modified_gmt":"2020-05-22T21:16:45","slug":"zoom-users-fall-victim-to-personal-data-stealing-malware-research-says","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/zoom-users-fall-victim-to-personal-data-stealing-malware-research-says\/","title":{"rendered":"Zoom Users Fall Victim to Personal Data Stealing Malware, Research Says"},"content":{"rendered":"<p>Cybercriminals continue to invent new methods to get access to users\u2019 personal information following popular trends in the corporate world. Researchers from Trend Micro have <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/backdoor-devil-shadow-botnet-hidden-in-fake-zoom-installers\/\">found<\/a> two new malware files disguised as installers for Zoom, a video communications app that has seen extreme demand from users around the world following the spread of the coronavirus pandemic.<\/p>\n<p><!--more--><\/p>\n<p>With companies being forced to temporarily close their offices and let staff work from home, they have turned to video calls to communicate with their colleagues. Moreover, some people even began organizing weddings, yoga classes, educational courses, and other events on the app.<\/p>\n<h2>Remote Execution of Commands at Any Given Point<\/h2>\n<p>The global admiration for Zoom has brought about bad actors taking advantage of it and developing new ways to infect users\u2019 computer systems. 
Once downloaded and installed, one of the malicious files that mimics the Zoom installer sets up a backdoor that enables criminals to initiate malicious processes remotely.<\/p>\n<blockquote><p><em><strong>\u201cLooking into the disassembled functions of the added notification registry, it showed that the strings contained configurations and values used to notify the command and control server that the email has been set up, credentials of the user have been stolen, and flag the infected machine as ready for access,\u201d <\/strong>the analysis further explained.<\/em><\/p><\/blockquote>\n<p>The other file installs the so-called Devil Shadow botnet on devices. The Devil Shadow botnet contains malicious commands. The malware continues running on the system even after the installation and is programmed to take screenshots of the user\u2019s desktop and active windows. Also, it scans the system for any connected webcams.<\/p>\n<p>The malware sends stolen data to the command and control server every 30 seconds.<\/p>\n<p>The authors of the analysis warn that the malicious files disguised as Zoom installers are unrelated to Zoom\u2019s official distribution channels; they come from untrusted sources. Additionally, the fake versions take longer to run because they extract the malicious components before launching Zoom.<\/p>\n<h2>Other Security Concerns Surrounding Zoom<\/h2>\n<p>This is not the first time security issues have surrounded the popular application. Last month, <a href=\"https:\/\/forklog.com\/en\/zoom-and-gloom-use-it-to-your-own-peril\/\">an array of debilitating bugs was pointed out<\/a> by cybersecurity researcher Patrick Wardle.<\/p>\n<p>According to Wardle, the flaws he uncovered allowed attackers to exploit Zoom\u2019s installer to hijack a user\u2019s Mac. 
That could allow the attacker to record all Zoom calls or even access the user\u2019s mic and cam at any moment.<\/p>\n<p>Moreover, some reports <a href=\"https:\/\/theintercept.com\/2020\/03\/31\/zoom-meeting-encryption\/\">claimed<\/a> that Zoom did not, in fact, provide end-to-end encryption, which had made all user calls vulnerable. What\u2019s even more egregious is that <a href=\"https:\/\/www.vice.com\/en_us\/article\/k7e599\/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account\">Zoom was caught sending data<\/a> to Facebook for advertising purposes.<\/p>\n<p>Meanwhile, a new study by business software site Capterra <a href=\"https:\/\/www.capterra.co.uk\/blog\/1537\/cyber-attack-increase-in-phishing-due-to-coronavirus\">revealed<\/a> that remote workers have also become greatly exposed to phishing emails during the lockdown, with hackers aiming to steal users\u2019 passwords. Capterra pointed out that \u201cdespite the majority of workers stating they are pleased with working from home, the adoption of security measures still has room for improvement.\u201d<\/p>\n<p><i>Written by Ana Alexandre<\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals continue to invent new methods to get access to users\u2019 personal information following popular trends in the corporate world. 
Researchers from Trend Micro have found two new malware files disguised as installers for Zoom, a video communications app that has seen extreme demand from users around the world following the spread of the coronavirus [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8842,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[573,148,1108],"class_list":["post-8840","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-privacy","tag-security","tag-zoom"],"aioseo_notices":[],"amp_enabled":true,"views":"879","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=8840"}],"version-history":[{"count":2,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8840\/revisions"}],"predecessor-version":[{"id":8844,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/8840\/revisions\/8844"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/8842"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=8840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=8840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-js
on\/wp\/v2\/tags?post=8840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}