Zoom Security Issues: Threat Actors Modified Zoom To Deliver Malware in a Phishing Campaign
Key Points:
- Cybercriminals have launched a new malware campaign against Zoom users, intending to steal banking information.
- Cyber experts at Cyble Research & Intelligence Labs identified the malware and now warn Zoom users to protect themselves.
- The malware, known as IcedID or BokBot, is a trojan that allows hackers to steal users’ banking credentials, download additional modules, and deliver other malware.
- Typically, hackers spread the malware via email with a malicious Office file attachment, but in this campaign they chose a different distribution method.
- The attackers created a highly convincing fake website that looked like the original Zoom website to trick users into downloading the malware bundled with the genuine software.
Zoom entered the public consciousness during the COVID-19 pandemic of 2020. The video conferencing app saw a meteoric rise from a mere 10 million meeting participants in December 2019 to over 300 million.
The increased popularity and usage of Zoom have attracted the attention of hackers, who now target its users with new malware to steal banking information. A team of cybersecurity experts from Cyble Research & Intelligence Labs recently identified the malware and raised awareness so that users can protect themselves.
What Exactly Does the Malware Do?
According to security experts, cybercriminals are using malware called IcedID to run a phishing campaign that collects sensitive banking information. The banking trojan allows hackers to:
- Steal users’ banking information
- Deliver other malware families, as the trojan can act as a loader
- Download additional modules
At its core, the malware steals private banking credentials. However, its ability to install additional malicious software, which lets hackers cause further damage, makes it more dangerous still. Once IcedID has downloaded additional modules and delivered other malware families, it becomes difficult for the affected user to get rid of it.
How the IcedID Malware Spreads
Typically, hackers spread the trojan using emails with malicious attachments. In this phishing campaign, however, they took a different approach and created a decoy website to lure users into downloading the malware.
The Zoom hackers published a highly convincing phishing website, explorezoom.com, that looked like a legitimate Zoom page and lured users into downloading the IcedID trojan. Whenever users click the download button on that page, they are prompted to save a Zoom installer file called ZoomInstallerFul.exe. That file then installs both the actual Zoom application and the IcedID malware on the user’s computer.
Attackers Are Fond of Replicating Popular Brands’ Websites
The number of fake websites posing as well-known brands has spiked recently, especially since remote work became standard due to COVID-19. The approach makes sense because people are more likely to click a fraudulent link or share sensitive information if they believe they are on the website of a well-known and trusted brand.
With increased internet usage, it is easy to see how a well-constructed decoy site can fool users who give it only a quick glance. Today, hackers can design a website that replicates a popular brand and register a legitimate-looking domain for it. If you are not careful, you can be duped into trusting it as the official site.
How Can You Protect Yourself From IcedID Malware?
Your best approach is to be careful about the websites you trust. While the domains might look alike, you will spot the discrepancy if you look closer.
Take some time to scrutinize a domain name before downloading a file or clicking a link. On a business level, you can take several approaches, such as:
1. Investing in Appropriate Cyber Security Training for Employees
The best way to protect your business from IcedID and other malware is to educate your employees on identifying and preventing malware attacks. Many breaches stem from workers’ inability to recognize an attack, which aids the hackers’ schemes.
Train your employees to recognize the most common malware attack vectors, such as phishing scams, malicious links, and fake websites, to safeguard your business and its data.
2. Installing Anti-Malware, Antivirus, and Anti-Ransomware Tools
The second-best approach to secure your business is to protect yourself from ever-evolving online threats by installing security applications on your devices. Antivirus alone is not enough. You need multiple security tools.
Install anti-malware, antivirus, and anti-ransomware tools so that each one compensates for the weaknesses of the others, giving you a stronger defense against malware and devastating cyberattacks.
3. Securing Your Network
Network security is integral. You need a firewall to secure and monitor access to your business network. With a great firewall, you can monitor users even at a DNS level and add an extra security layer to block malicious connections to all protocols and ports.
Without a firewall, your network and data may be exposed to unauthorized activity, which can introduce dangerous malware into your systems. Malware like IcedID inside your organization’s network can cause disasters such as data loss and downtime.
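The advice above to scrutinize a domain name before downloading, and to monitor connections at the DNS level, can be turned into a simple detection. The following script is an added example, not code from the original article or from Cyble: it flags hostnames that contain a brand keyword but are not on an allowlist of that brand’s official domains (the allowlist, the log format and the log lines are constructed for this example; the page itself only names explorezoom.com and ZoomInstallerFul.exe), and raises the severity when such a host serves an executable.

```python
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed allowlist of official domains per brand keyword. Assumption: in a
# real deployment this would be maintained from vendor documentation.
OFFICIAL_DOMAINS = {
    "zoom": {"zoom.us", "zoom.com"},
}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname (naive eTLD+1).
    Assumption: no multi-label public suffixes such as co.uk in the data."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_official(host: str, brand: str) -> bool:
    """True if host is an official domain of the brand or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS[brand])


def classify_host(host: str) -> Optional[str]:
    """Return the brand a hostname appears to impersonate, or None.
    A lookalike is a registrable domain that contains the brand keyword
    (e.g. explorezoom.com) without being one of the brand's official domains."""
    reg = registrable_domain(host)
    for brand in OFFICIAL_DOMAINS:
        if brand in reg and not is_official(host, brand):
            return brand
    return None


def scan_log(lines: List[str]) -> List[Tuple[str, str, str, str, str]]:
    """Scan constructed proxy log lines of the form 'timestamp client METHOD url'.
    Returns (timestamp, client, host, brand, severity) for each request to a
    lookalike host; severity is raised when the path ends in .exe."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line, skip rather than crash
        ts, client, _method, url = parts
        parsed = urlsplit(url)
        host = parsed.hostname or ""
        brand = classify_host(host)
        if brand is None:
            continue
        severity = "executable-download" if parsed.path.lower().endswith(".exe") else "lookalike-visit"
        hits.append((ts, client, host, brand, severity))
    return hits


# Constructed sample log: timestamps and client addresses are invented.
SAMPLE_LOG = [
    "2022-12-01T10:01:02Z 10.0.0.5 GET https://zoom.us/download",
    "2022-12-01T10:01:30Z 10.0.0.5 GET https://us04web.zoom.us/j/12345",
    "2022-12-01T10:02:15Z 10.0.0.7 GET https://explorezoom.com/",
    "2022-12-01T10:02:20Z 10.0.0.7 GET https://explorezoom.com/ZoomInstallerFul.exe",
    "2022-12-01T10:03:00Z 10.0.0.9 GET https://example.com/index.html",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(" ".join(hit))
```

The same `classify_host` check can be run over DNS query logs, which is where a firewall that monitors at the DNS level would apply it; the naive two-label domain split is the main simplification to replace with a public-suffix list before using this on real traffic.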
4. Outsourcing Your Cybersecurity
Keeping up with the ever-changing attack vectors, executing regular updates, utilizing the latest security solutions, and monitoring for malware can be time-consuming and challenging. Implementing a comprehensive cybersecurity program can take a lot of resources and effort.
However, you cannot overlook the task, no matter how daunting implementing security solutions is. Outsourcing some of your cybersecurity needs to a dedicated team of professionals can protect your business’s network and data from harm while saving you the hassle.
Experts who regularly deal with cybersecurity can help your business learn about the latest attacks, deploy appropriate security solutions, and create awareness in your company against malware.
IcedID Is Highly Advanced Malware, But You Can Protect Your Business
IcedID is sophisticated, persistent malware that affects people worldwide. Hackers usually distribute it as a secondary payload or through spam emails containing malicious Office file attachments. In this case, however, the Zoom hackers used a phishing site to deliver the malware.
Attackers will keep growing more sophisticated to evade detection by cybersecurity measures. To avoid malware infection, your business should avoid downloading pirated software, refrain from opening untrusted links, and educate employees on protecting themselves from cyber threats.