

WebMonitor RAT Bundled with Zoom Installer

Several types of cyber attacks have been seen targeting the remote collaboration app Zoom, as work from home brings a surge in active installations. Earlier, coinminers have also been bundled with the Zoom installer. Recently, another campaign was reported that bundles the WebMonitor RAT with the Zoom installer.

The coronavirus pandemic has highlighted the usefulness of communication apps for work-from-home (WFH) setups. However, like they always do, cybercriminals are expected to exploit popular trends and user behavior. We have witnessed threats against several.

Note that although the installers are legitimate, the ones bundled with malware do not come from official sources of the Zoom app like Zoom's own download center or legitimate app stores such as the Apple App Store and Google Play Store. They instead come from malicious sources. Cybercriminals may have repackaged the legitimate installers with WebMonitor RAT and released these repackaged installers on malicious sites. We also note that the Zoom app has been updated to version 5.0.

Note that this RAT is promoted on a hacking forum from which people can purchase it. In May 2017, Revcode advertised his RAT WebMonitor at hackforums.

When ZoomInstaller.exe is run, it drops a copy of itself named Zoom.exe. ZoomInstaller.exe will then open the process notepad.exe to run Zoom.exe. Since the system downloaded a legitimate Zoom application version (4.6), it won't make the users suspicious.

The backdoor connects to the URL dabmasterwm01to and executes commands from a remote malicious user, some of which are listed below (for the full list, please refer to our malware report):

Add, delete, and change files and registry information.
Start, suspend, and terminate processes and services.

It terminates itself when executed in the following virtual environments:

It also terminates itself if it finds a file name similar to any of the following:

Indicator:
ħ53418831fcf215fe2d00ed33b9d2f1ed78bc92355e780c782fb35228007318e

Recommendations:
Keep all software updated to the latest patched versions.
Do not download software from any source other than the official source.
Block the threat indicators at their respective controls.
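The launch chain described above (ZoomInstaller.exe dropping Zoom.exe and opening notepad.exe to run it) is unusual enough to detect from process-creation telemetry alone. The following is an added example, not code from the original report or from Trend Micro: it runs over a small set of constructed process-creation events in a hypothetical record format (pid, parent pid, image path, parent image path, SHA-256), flags the two suspicious parent/child pairs, reconstructs the full three-step chain by parent pid, and matches image hashes against an indicator set. Because the page's own hash is garbled, the indicator set holds an obviously fake placeholder value.

```python
"""Detect the ZoomInstaller.exe -> notepad.exe -> Zoom.exe chain over constructed
process-creation events. Hypothetical record layout; not a real EDR/Sysmon schema."""
from collections import namedtuple

# One process-creation event. Field names are this example's own choice.
ProcEvent = namedtuple("ProcEvent", "pid ppid image parent_image sha256")

# Placeholder indicator set: the report's hash is garbled, so a fake value stands in.
KNOWN_BAD_SHA256 = {"0" * 64}

# Parent/child pairs that match the repackaged installer's behaviour as described.
SUSPICIOUS_PAIRS = {
    ("zoominstaller.exe", "notepad.exe"),  # installer launching notepad.exe
    ("notepad.exe", "zoom.exe"),           # notepad.exe launching the dropped Zoom.exe
}


def basename(path):
    """Case-insensitive file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def pair_alerts(events):
    """Return (pid, reason) for every event whose parent/child pair or hash is suspicious."""
    alerts = []
    for e in events:
        pair = (basename(e.parent_image), basename(e.image))
        if pair in SUSPICIOUS_PAIRS:
            alerts.append((e.pid, "suspicious parent/child: %s -> %s" % pair))
        if e.sha256 and e.sha256.lower() in KNOWN_BAD_SHA256:
            alerts.append((e.pid, "image hash matches known indicator"))
    return alerts


def full_chains(events):
    """Return (installer_pid, notepad_pid, zoom_pid) triples where Zoom.exe was
    started by notepad.exe that was itself started by ZoomInstaller.exe."""
    by_pid = {e.pid: e for e in events}
    chains = []
    for e in events:
        if basename(e.image) != "zoom.exe":
            continue
        notepad = by_pid.get(e.ppid)
        if notepad is None or basename(notepad.image) != "notepad.exe":
            continue
        installer = by_pid.get(notepad.ppid)
        if installer is None or basename(installer.image) != "zoominstaller.exe":
            continue
        chains.append((installer.pid, notepad.pid, e.pid))
    return chains


# Constructed sample telemetry: one repackaged-installer run plus benign noise.
SAMPLE_EVENTS = [
    ProcEvent(100, 4, r"C:\Users\u\Downloads\ZoomInstaller.exe",
              r"C:\Windows\explorer.exe", "0" * 64),
    ProcEvent(200, 100, r"C:\Windows\System32\notepad.exe",
              r"C:\Users\u\Downloads\ZoomInstaller.exe", "a1" * 32),
    ProcEvent(300, 200, r"C:\Users\u\AppData\Local\Temp\Zoom.exe",
              r"C:\Windows\System32\notepad.exe", "b2" * 32),
    # Benign: Zoom started from its normal install location by explorer.exe.
    ProcEvent(400, 4, r"C:\Users\u\AppData\Roaming\Zoom\bin\Zoom.exe",
              r"C:\Windows\explorer.exe", "c3" * 32),
    # Benign: a user opening notepad.exe directly.
    ProcEvent(500, 4, r"C:\Windows\System32\notepad.exe",
              r"C:\Windows\explorer.exe", "d4" * 32),
]

if __name__ == "__main__":
    for pid, reason in pair_alerts(SAMPLE_EVENTS):
        print("ALERT pid=%d: %s" % (pid, reason))
    for chain in full_chains(SAMPLE_EVENTS):
        print("Full installer -> notepad -> Zoom chain (pids): %s" % (chain,))
```

The pair-based check fires on the first suspicious step, which is useful for early triage; the chain reconstruction is the higher-confidence signal to act on, since notepad.exe launching a Zoom.exe from a temp directory after being spawned by an installer has no legitimate explanation in normal Zoom installs.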
