31 March 2020

Hackers are exploiting Zoom’s increasing popularity to spread malware



While the world is struggling with the coronavirus pandemic, hackers are trying to take advantage of users who want to use online communication platforms such as Zoom to keep in contact with friends, family, or colleagues during the ongoing COVID-19 outbreak.

Zoom is a cloud-based video conferencing platform that can be used for video conferencing meetings, audio conferencing, webinars, meeting recordings, and live chat. Since the beginning of the year, the number of Zoom users has grown rapidly as millions of people are now working from home. It's estimated that the company has added 2.22 million monthly active users so far in 2020, while in all of 2019 it added 1.99 million users.

Check Point researchers say that over the past few weeks they have observed a sharp spike in new domain registrations with names that include “Zoom”. According to the researchers, more than 1700 new domains have been registered since the beginning of the year, 25 percent of them in the past week alone. Of these registered domains, 4 percent appear suspicious, Check Point says.

The researchers also discovered malicious files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe”. When executed, these files install the InstallCore PUA (potentially unwanted application) on the victim’s computer, which could potentially lead to additional malware infections.

However, Zoom is not the only videoconferencing or communications app targeted by cyber criminals. Check Point says that new phishing websites have been detected for every other leading communications app, including classroom.google.com.
