Post Now

Severe Security Threat Targets Zoom Users

Image

Multiple security flaws have been found in a video call platform, zoom, asking users to update their application immediately.

Severe security warning for zoom users. Multiple security flaws have been found in a video call platform, zoom, asking users to update their application immediately.

The researcher notified the creation of multiple fake zoom sites. All the sites have the same user interface. These sites aim to spread malware and pretend to be legitimate zoom apps.

According to an Indian Computer Emergency Response Team(CERT-In) that deals with cyber security threats, zoom vulnerabilities allow remote hackers to join meeting without appearing to other participants.

If successfully breached, attackers, can gain access to audio and video feeds of meeting they were not permitted to attend and "cause other meeting disruptions". Also, they access other information shared during audio or video call. The categorization of vulnerability is 'medium'.

  • Attackers create a fake zoom site.
  • Fake zoom sites redirect to the GitHub URL in the backend to download the malicious app.
  •  During execution, the malicious application drops two binaries in a temporary folder:

                            ZOOMIN~1.EXE

                            Decoder.exe                    

  •  Decoder.exe is a malicious .NET binary that injects stealer code into MS Build.exe(Microsoft Build engine) used to build apps. A legitimate zoom installer launches in a clean file ZOOMIN~1.EXE.
  • After injecting it into MS Build.exe, it will extract IP addresses that host the DLLs and configuration data. Malware uses some URLs to remove IP addresses. Attackers have used this technique to hide Command and Control(C&C) IP addresses.
  • The malware receives the configuration data and DLLs from the Command and Control servers. This malware payload hides the C&C IP addresses with other app descriptions. The rest of the techniques appear similar.

This attack is to target zoom users. The observation states that there are multiple campaigns spreading information stealers. Stealer logs can provide access to the victim's network. So before downloading any source, try to identify its legitimacy.

Steps to ensure security:-

  1. Keep apps updated. Turn on automatic software update features.
  2. Use strong passwords and multifactor authentication.
  3. Without verifying authenticity, don't open untrusted links and email attachments.
  4. Use reputed anti-virus and internet security software packages on devices.
  5. Avoid downloading software from torrent websites. "tools" present on sites such as youtube and torrent sites contain malware.
  6. Educate employees to protect themselves from threats.

For the latest cyber threats and the latest hacking news please follow us on FacebookLinkedin, and Twitter.

You may be interested in reading: How to Survive the COVID Time Cyber ​​Security Threats?