Hackers taking advantage of the video conferencing apps like Zoom to infect systems with malicious routines.
Security researchers from Trend Micro observed two malware samples that pose as Zoom installers but when decoded it contains malware.
The malicious fake installer not distributed through official distribution channels.
Fake Zoom Installers
With the two malware samples, one found installing a backdoor that allows attackers to gain access remotely, another one is the Devil Shadow botnet in devices.
The malicious installer resembles closer to the official version, it contains encrypted files that will decrypt the malware version.
The malware kills all the running remote utilities upon installation and opens TCP port 5650 to gain remote access to the infected system.
It notifies the command and control (C&C) server that email has been set up, stolen credentials, and flag the infected machine ready to access. The fake installer also runs an official zoom installer to avoid suspicion.
Check for more detail:- https://gbhackers.com
Kommentare