Fake Zoom installers infect PCs with RevCode WebMonitor RAT

Zoom has been actively targeted by hackers in the past few weeks. Now, hackers are dropping fake Zoom installers bundled with the RevCode WebMonitor RAT.

The coronavirus-led lockdown has forced people to work from home. Remote working involves using a variety of video-conferencing and communication tools like Zoom or Microsoft Teams. This necessity has given cybercriminals the perfect opportunity to step up their malicious activities.

That’s why Zoom has been actively targeted by hackers in the past few weeks. These attacks involve Zoombombing or spreading malware hidden in fake Zoom apps. And now, Trend Micro has identified yet another attack campaign targeting Zoom users.

According to Trend Micro cybersecurity researchers, cybercriminals are using malicious Zoom installers to distribute RevCode WebMonitor RAT (remote access tool). However, researchers have confirmed that these installers, although authentic, don’t come from official sources such as Google Play, Apple App Store, or Zoom’s official download center.


The infected Zoom installers are available at third-party websites and victims are sent malicious links via phishing emails. This campaign is somewhat similar to another campaign that was discovered in April. In that campaign, legit Zoom installers were used to infect devices with a cryptocurrency miner.

In the new campaign, cybercriminals have repackaged authentic Zoom installers with WebMonitor RAT. When someone downloads ZoomInstaller.exe, which contains an uninfected Zoom installer version 4.6 and the malicious RevCode WebMonitor RAT, the device gets infected with the RAT.

Upon infection, according to Trend Micro’s blog post, the RAT allows the attacker to gain remote control of the device and spy on the user via webcam streaming, keylogging, and screen capturing.

RevCode WebMonitor RAT’s website where hackers sell the software

Amidst rising concerns over the use of Zoom for remote working, Zoom has updated its OS to version 5.0, which is touted to be far superior to the older versions in terms of privacy and security.

If you use Zoom, make sure it’s updated to the latest version, and only use legitimate distribution channels like Google Play to download Zoom. Moreover, install and scan your device with authentic antivirus software.
