Zoom Meeting App Draws Hacker Envy Due To Exploding Work-At-Home Growth
Hackers are always on the look out for the "next big thing" to exploit, either by finding vulnerabilities in an app or by latching onto brand recognition. With the coronavirus pandemic, hackers have aimed at certain software platforms that are being used heavily by workers stuck at home. One of the applications that are being increasingly targeted is Zoom. Zoom has seen a significant increase in its user base since the coronavirus outbreak and security researchers have seen a substantial increase in the registration of Zoom-themed domains for malicious purposes.
Zoom is a cloud-based communication platform that can be used for both audio and video conferences, online meetings, chat, and collaboration using a mobile, desktop, or telephone systems. Since the start of 2020, Zoom added 2.22 million new monthly active users. Compare that to 2019, when the company added only 1.99 million users for the entire year. Zoom now has over 12.9 million monthly active users.
Check Point Research has issued a report that says over the last few weeks it has witnessed a significant increase in new domain registrations that include "Zoom," which has become one of the most common video communication platforms globally. Check Point says this is an expected outcome, noting that threat actors are always exploiting the most popular trends and platforms in their attacks.
The research firm says that since the beginning of the year, more than 1,700 new domains were registered, and 25 percent of them were registered in the last week. Out of those domains registered, four percent have been found to contain "suspicious characteristics." The researchers also found malicious files using zoom-us-zoom_##########.exe naming scheme that if executed launch an InstallCore installer that attempts to install unwanted third-party applications or malicious payloads.
InstallCore is known to do things like disable User Access Control and add files to be launched on start up, install browser extensions, or change configuration and settings inside the browser. Zoom isn't alone in being targeted. Check Point also said that other platforms like Google Classroom and Microsoft Teams are being targeted by hackers. Other researchers also discovered Zoom users that were infected with the Neshta file infecting backdoor virus.
In other Zoom news, over the weekend, the company issued an apology after sharing data with Facebook without disclosing it to its users.