• These fake Zoom websites want to trick you into downloading malware

    From TechnologyDaily@1337:1/100 to All on Fri Sep 23 22:45:04 2022
    These fake Zoom websites want to trick you into downloading malware

    Date:
    Fri, 23 Sep 2022 21:32:03 +0000

    Description:
    Make sure you're downloading your Zoom clients from a legitimate source.

    FULL STORY ======================================================================

    If you're looking to download the video conferencing platform Zoom, make sure you double-check the internet address you're downloading from, because there are plenty of fake websites out there spreading all kinds of nasty viruses and malware.

    Researchers from Cyble have been investigating reports of a widespread campaign targeting potential Zoom users, and have so far uncovered six fake install sites that host various infostealers and other malware variants.

    One of the infostealers uncovered was Vidar Stealer, capable of stealing banking information, stored passwords, browser history, IP addresses, details about cryptocurrency wallets and, in some cases, MFA information as well.

    Multiple campaigns

    "Based on our recent observations, [criminals] actively run multiple campaigns to spread information stealers," the researchers said. "Stealer Logs can provide access to compromised endpoints, which are sold on cybercrime marketplaces. We have seen multiple breaches where stealer logs have provided the necessary initial access to the victim's network."

    The six sites uncovered are zoom-download[.]host, zoom-download[.]space, zoom-download[.]fun, zoomus[.]host, zoomus[.]tech, and zoomus[.]website and, according to The Register, are still operational.

    The visitors would be redirected to a GitHub URL that shows which applications they can download. If the victim chooses the malicious one, they receive two binaries in the temp folder: ZOOMIN-1.EXE and Decoder.exe. The malware also injects itself into MSBuild.exe and pulls IP addresses hosting the DLLs, as well as configuration data, it was said.

    "We found that this malware had overlapping Tactics, Techniques, and Procedures (TTPs) with Vidar Stealer," the researchers wrote, adding that, like Vidar Stealer, "this malware payload hides the C&C IP address in the Telegram description. The rest of the infection techniques appear to be similar."

    The best way to avoid this malware is to double-check where you're getting your Zoom programs from.
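
    Added example, not part of the original article or of Cyble's report: a small Python check that refangs the six domains listed above and flags web proxy log lines whose host is one of them or a subdomain of one. The log layout (timestamp, client IP, URL or host:port), the sample lines and all function names are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# The six defanged domains named in the article.
DEFANGED_IOCS = [
    "zoom-download[.]host", "zoom-download[.]space", "zoom-download[.]fun",
    "zoomus[.]host", "zoomus[.]tech", "zoomus[.]website",
]

def refang(indicator):
    """Turn a defanged indicator (name[.]tld) back into a plain hostname."""
    return indicator.replace("[.]", ".").lower()

BLOCKLIST = frozenset(refang(d) for d in DEFANGED_IOCS)

def host_of(value):
    """Extract the lowercase hostname from a URL or a bare host[:port]."""
    if "://" not in value:
        value = "//" + value          # lets urlsplit parse a bare host:port
    return (urlsplit(value).hostname or "").rstrip(".")

def matched_ioc(value):
    """Return the listed domain the host equals or sits under, else None."""
    labels = host_of(value).split(".")
    for i in range(len(labels) - 1):  # compare whole label suffixes only
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate
    return None

def scan(log_lines):
    """Return (line_no, client, ioc) for every line that hits the list."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) >= 3 and (ioc := matched_ioc(fields[2])):
            hits.append((n, fields[1], ioc))
    return hits

# Constructed sample proxy log (assumed layout: timestamp, client, URL).
SAMPLE_LOG = [
    "2022-09-23T10:00:01Z 10.0.0.5 https://zoom.us/download",
    "2022-09-23T10:00:07Z 10.0.0.8 http://zoom-download.host/",
    "2022-09-23T10:01:12Z 10.0.0.9 https://cdn.ZoomUs.tech:443/setup",
    "2022-09-23T10:02:30Z 10.0.0.7 https://zoomus.tech.example.org/",
    "2022-09-23T10:03:44Z 10.0.0.6 notzoomus.website:443",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

    Matching on whole label suffixes keeps look-alikes such as notzoomus.website or zoomus.tech.example.org from being reported as hits.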

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/these-fake-zoom-websites-want-to-trick-you-into-downloading-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)