While the world is struggling with the coronavirus pandemic, hackers are trying to take advantage of users who want to use online communication platforms such as Zoom to keep in contact with friends, family, or colleagues during the ongoing COVID-19 outbreak.
Zoom is a cloud-based video conferencing platform that can be used for video conferencing meetings, audio conferencing, webinars, meeting recordings, and live chat. Since the beginning of the year, the number of Zoom users has grown rapidly as millions of people are now working from home. It's estimated that the company has added 2.22 million monthly active users so far in 2020, while in all of 2019 it added 1.99 million users.
According to Check Point researchers, over the past few weeks they have observed a sharp spike in new domain registrations with names including “Zoom”. The researchers say that since the beginning of the year, more than 1700 new domains were registered, with 25 percent of them registered in the past week alone. Out of these registered domains, 4 percent appear suspicious, Check Point says.
The researchers also discovered malicious files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe”, which, when executed, will install the InstallCore PUA (a potentially unwanted application) on the victim’s computer which could potentially lead to additional malware infections.
However, Zoom is not the only videoconferencing or communications app targeted by cyber criminals. Check Point says that new phishing websites have been detected for every other leading communications apps, including classroom.google.com.