Threat actors modified Zoom, a popular video conferencing app, and used a scam website to deliver malware to users’ devices in a phishing attack, a Cyble Research & Intelligence Labs (CRIL) report says.
Hackers usually target virtual communication tools such as Zoom to easily deliver malware to the user’s machine. This time, according to CRIL, IcedID malware was used in a phishing campaign.
IcedID, also known as BokBot, is a banking trojan that enables attackers to steal victims’ banking credentials. This malware primarily targets businesses and can be used to steal payment information. In addition, IcedID acts as a loader, allowing it to deliver other malware families or download additional modules.
IcedID usually spreads via spam emails with malicious Office file attachments. However, in this campaign, the attackers employed a phishing website to deliver malware, which is not a typical distribution method.
A highly convincing phishing page that looked like a legitimate Zoom website was used to trick users into downloading the IcedID malware.
When users clicked on the download button, they were prompted to get a Zoom installer file, but the file was actually the IcedID malware in disguise. However, it is not officially known whether user data was stolen.
Threat actors are fond of impersonating and exploiting online platforms that have become increasingly popular in recent years, particularly due to the COVID-19 pandemic, when remote work became standard.
The general advice experts give is to act carefully: pause, take a step back, and examine a message closely before clicking a link or downloading an attachment. Phishing emails often contain small grammatical errors, use email addresses that only resemble the original sender’s, or add links that do not lead where they’re supposed to lead.
On an organizational level, investing in appropriate cybersecurity training for employees might protect the business from the aftermath of phishing attacks even better than some security products.