

Many companies around the world have transitioned to work-from-home arrangements because of growing concerns over the COVID-19 global health crisis. This new setup has highlighted the usefulness of video conferencing apps. These platforms have been utilized by companies and remote workforces to hold meetings and for other communication needs even long before the virus outbreak occurred.

Unfortunately, cybercriminals are taking advantage of these tools’ recent time in the spotlight to spread malware. We found a Coinminer bundled with the legitimate installer of video conferencing app Zoom, luring users who want to install the software but end up unwittingly downloading a malicious file. The compromised files are not from Zoom’s official download center, and are assumed to come from fraudulent websites. We have been working with Zoom to ensure that they are able to communicate this to their users appropriately.

Analysis of the malicious file

Users who attempt to download the installer get more than what they bargain for as they instead download the AutoIt compiled malware. The files it drops include the following:

Archive file containing CR_Debug_Log.txt (asacpiex.dll with the first 5 bytes replaced)

[Figures 1 to 3. Captions: Code snippets of 64.exe (a coinminer) bundled with a Zoom installer; Legitimate Zoom installer version 4.4.0.0; The contents of the malicious file]
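As an added illustration (not code from the original analysis), this Python sketch flags files in a directory that are byte-for-byte identical apart from their first 5 bytes, which is how the page describes CR_Debug_Log.txt relative to asacpiex.dll. The file contents, the extra file names `exact_copy.bin` and `unrelated.log`, and all function names are constructed for the example.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

HEADER_LEN = 5  # the page states that the first 5 bytes were replaced


def tail_digest(path, skip=HEADER_LEN):
    """SHA-256 of everything after the first `skip` bytes of the file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        f.seek(skip)
        while block := f.read(65536):
            h.update(block)
    return h.hexdigest()


def header(path, n=HEADER_LEN):
    with open(path, "rb") as f:
        return f.read(n)


def find_header_swapped(directory, skip=HEADER_LEN):
    """Pairs of files that are identical except inside the first `skip` bytes."""
    groups = defaultdict(list)
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and os.path.getsize(path) > skip:
            groups[(os.path.getsize(path), tail_digest(path, skip))].append(path)
    pairs = []
    for paths in groups.values():
        for i, a in enumerate(paths):
            for b in paths[i + 1:]:
                if header(a, skip) != header(b, skip):  # exact copies are skipped
                    pairs.append((os.path.basename(a), os.path.basename(b)))
    return sorted(pairs)


def demo():
    """Scan a constructed directory; contents are made up, not real samples."""
    body = b"HDR01" + bytes(range(256)) * 8
    files = {"asacpiex.dll": body, "CR_Debug_Log.txt": b"XXXXX" + body[5:],
             "exact_copy.bin": body, "unrelated.log": b"log line\n" * 200}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return find_header_swapped(d)
```

Grouping by size and by the digest of the remaining bytes means a renamed, header-altered copy still lands in the same group as its original, while exact duplicates are excluded by the header comparison.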
