Zoom Installers are Being Bundled with Malware

By Richard Anderson

The sheer number of people now working from home to maintain social distancing during the coronavirus lockdown has resulted in huge interest in teleconferencing platforms such as Zoom. Despite the recent security concerns and privacy issues, Zoom remains one of the most popular teleconferencing platforms. Businesses are using the platform to ensure remote workers can maintain contact with the office, and consumers have started using it for socializing and speaking with friends and family members who can no longer be visited due to lockdown restrictions.

Cybercriminals are taking advantage of the popularity of Zoom and are using doctored Zoom installers to install malware. These installers do install the Zoom client, so users will be able to have Zoom meetings as normal, but they have been bundled with malware that is silently installed at the same time. The malicious Zoom installers have been used to distribute Remote Access Trojans, cryptocurrency miners, and adware.

Trend Micro has found a doctored Zoom installer that delivers coinminer malware. The coinminer uses a computer’s GPU and CPU to mine Monero. This will cause the computer to slow considerably and could potentially cause the device to overheat, resulting in permanent hardware damage. The Remote Access Trojan njRAT, which gives the attacker full control of an infected device, has been found bundled with a Zoom installer.

If you are considering using Zoom for business or pleasure, ensure you download the Zoom client from the Zoom download section of the official Zoom website and not from any other source. Any unofficial sources of Zoom installers should be avoided due to the risk of installing malware.

Businesses that are encouraging their employees to use Zoom for work meetings should provide their employees with a link to the genuine download site to ensure they do not inadvertently install malware on their devices.

Richard Anderson is the Editor-in-Chief of NetSec.news