Hackers exploiting Zoom, Google Hangouts to Spread Malware

Amid COVID-19, working from home has become a necessity, giving rise to the popularity of platforms such as Zoom.

As per a report published by Check Point, over 1,700 new “Zoom” domains have been registered since the onset of the pandemic in January, with 25 percent of the domains registered in the past seven days alone. 70 of these domains are classified as “suspicious” websites, likely created with malicious intent to spread malware.

Researchers discovered malicious files with the name “zoom-us-zoom_##########.exe” which, when executed, installed potentially unwanted programs (PUPs) such as InstallCore, which is known to install more than one malicious program.

Whenever we get a Zoom link or document, it’s a good idea to be careful and make sure it’s not a trap that uses a lookalike domain containing spelling errors.

Zoom is not the only platform targeted. Other platforms such as Google Hangouts and Google Classroom (e.g., googloclassroom\.com and googieclassroom\.com) are also being imitated to trick unsuspecting users into downloading malware.

Zoom has now patched the security vulnerability and implemented tighter security measures, such as password-protected meetings. It is essential to keep the apps up to date and to be on the lookout for emails from unknown senders and for lookalike domains that contain spelling errors. It is also wise not to open unknown attachments or click on promotional links in emails.
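The lookalike-domain check recommended above can be automated for a mail or proxy log. The following is an added example, not code from Check Point or the article. It compares a domain's main label with a brand name by edit distance; the brand list, thresholds and verdict names are assumptions, and the samples are the two domains quoted above plus constructed ones.

```python
# Added example (not from the article): triage domains that imitate a brand.
# The brand list, thresholds and verdict names are assumptions for illustration.
BRANDS = {  # brand label -> official host
    "zoom": "zoom.us",
    "googleclassroom": "classroom.google.com",
    "googlehangouts": "hangouts.google.com",
}

def normalize(domain):
    """Lowercase and undo defanging such as '\\.' or '[.]'."""
    d = domain.strip().lower().replace("\\", "").replace("[.]", ".")
    return d.rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(domain):
    """Return (verdict, brand): 'official', 'typosquat', 'keyword' or 'clean'."""
    d = normalize(domain)
    for brand, official in BRANDS.items():
        if d == official or d.endswith("." + official):
            return ("official", brand)
    labels = d.split(".")
    # Naive registrable label (assumes a one-label TLD); use the Public Suffix List in practice.
    label = (labels[-2] if len(labels) >= 2 else labels[0]).replace("-", "")
    for brand in BRANDS:
        if brand in label:
            return ("keyword", brand)       # brand name embedded in an unofficial domain
        limit = min(2, len(brand) // 5)     # short brands like "zoom" get no fuzzy match
        if limit and edit_distance(label, brand) <= limit:
            return ("typosquat", brand)     # a few characters away from the brand
    return ("clean", None)

if __name__ == "__main__":
    # Two domains quoted in the article plus constructed samples.
    for s in ["googloclassroom\\.com", "googieclassroom\\.com",
              "classroom.google.com", "zoom-meeting-download.com", "example.org"]:
        print(s, "->", check(s))
```

A "keyword" or "typosquat" verdict is a lead for review, not proof of malice, since unrelated legitimate domains can contain a brand string.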