Cyber criminals are trying a new trick to cash in on Zoom's popularity

As remote working becomes the norm because of coronavirus, cyber attackers are taking advantage by tricking people into downloading malware.
Written by Danny Palmer, Senior Writer

Cyber criminals are bundling malware inside installers of video-conferencing application Zoom in an effort to lure victims into unwittingly infecting their computers with malicious software.

As the coronavirus outbreak forces organisations around the world to shift towards remote working, Zoom has become the top choice of video-conferencing software for people – both when it comes to work and socialising.

However, Zoom's sudden growth in popularity has also drawn the attention of criminals who have now focused on trying to trick users whether that's through phishing attacks, attempting to stealing credentials or other online theft.

Now researchers at Trend Micro have uncovered cyber criminals looking to exploit Zoom by bundling cryptocurrency-mining malware inside a legitimate installer for the video-conferencing software.

SEE: Coronavirus: Effective strategies and tools for remote work during a pandemic

"The sudden need to transition to a work-from-home setup left enterprises with little time to ramp up security measures to ensure that it fits the requirements demanded by remote work," the security company said.

The trojan horse Zoom downloads don't come from any official sources, but rather third-party fraudulent websites that are attempting to take advantage of the popularity of Zoom.

While these downloads will install a functional version of Zoom – which helps to avoid any suspicion from the user – it also secretly places a coin miner on the machine. It also collects information about the computer's GPU, CPU, operating system, video controllers and processors to help the mining process along.

Coin-mining malware allows the attackers to use the processing power of infected computers to help mine for cryptocurrency, with the idea that the process goes on in the background so as to avoid detection – although aggressive coin mining can result in slowing the system down and even potential damage by overheating it.

The cryptocurrency generated by a single machine won't amount to much, but by infecting a large number of computers with crypto-jacking malware, and having it remain undetected over a long period of time, it can potentially generate a reasonable sum of cryptocurrency for the attackers.

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)  

In this case, the malware attempts to avoid detection by checking to see if common antivirus software is on the machine and the coin miner will avoid running if these and certain other system processes are actively being used on the computer.

Trend Micro has informed Zoom about the malicious Zoom installers. ZDNet has attempted to contact Zoom but at the time of writing hadn't received a response.

To avoid falling victim to this coin-mining malware campaign – or any other scheme designed to take advantage of the rise in home working – users are urged to only download installers from applications' official websites.

"Users should be advised to only download installers from applications' official websites to avoid such compromise. Users should also follow best practices for securing work-from-home setups and be running an up to date anti-malware prevention-checking tool," said Ian Heritage, cloud security architect at Trend Micro.


Editorial standards