Hackers are exploiting Zoom’s increasing popularity to spread malware

While the world is struggling with the coronavirus pandemic, hackers are trying to take advantage of users who want to use online communication platforms such as Zoom to keep in contact with friends, family, or colleagues during the ongoing COVID-19 outbreak.

Zoom is a cloud-based video conferencing platform that can be used for video conferencing meetings, audio conferencing, webinars, meeting recordings, and live chat. Since the beginning of the year, the number of Zoom users has grown rapidly as millions of people are now working from home. It's estimated that the company has added 2.22 million monthly active users so far in 2020, while in all of 2019 it added 1.99 million users.

Check Point researchers say that over the past few weeks they have observed a sharp spike in new domain registrations with names that include “Zoom”. Since the beginning of the year, more than 1700 new domains were registered, with 25 percent of them registered in the past week alone. Of these registered domains, 4 percent appear suspicious, Check Point says.

The researchers also discovered malicious files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe”. When executed, these files install the InstallCore PUA (a potentially unwanted application) on the victim’s computer, which could potentially lead to additional malware infections.

However, Zoom is not the only videoconferencing or communications app targeted by cybercriminals. Check Point says that new phishing websites have been detected for every other leading communications app, including classroom.google.com.
