Hackers Are Bundling Cryptominer With a Seemingly Legit Zoom Installer on Unofficial Websites

Recently, Zoom has remained present in the news world owing to numerous security issues with their app. While they managed to address most of them, they couldn’t stop the hackers from exploiting the app’s fame. Cybercriminals have now targeted the video conferencing app Zoom owing to its growing popularity amidst COVID-19 and have bundled a seemingly legit Zoom installer with a cryptominer to exploit users.

Cryptominer Bundled With Zoom

Researchers from Trend Micro have found cybercriminals targeting the Zoom app installer with a cryptominer. As revealed in their post, hackers have bundled the legit Zoom installer, available on unofficial websites, with Coinminer.

In brief, whenever a user attempts to download the Zoom app from a malicious third-party website, the malware reaches their device together with the installer. The bundled AutoIt compiled malware Trojan.Win32.MOOZ.THCCABO drops numerous files to the device, most of which carry Coinminer. The dropped files also include a task scheduler and the legit Zoom installer for version 4.4.0.0.

The malware gathers various details from the target device regarding the operating system, GPU, CPU, video controllers, and processors.

Furthermore, it also checks the system for the presence of Microsoft SmartScreen, Windows Defender, and some other popular antivirus solutions. It also attempts to evade detection by looking for other monitoring tools.

Following this discovery, Trend Micro reached out to Zoom officials to inform them of the matter. As stated in their post,

We have been working with Zoom to ensure that they are able to communicate this to their users appropriately.

What Should You Do?

Considering that the hackers have only meddled with the installer available on unofficial websites, users should stick to the official website only for downloading Zoom. In fact, this applies to every software or app that the users wish to install.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil