Thursday, May 7, 2020

Fake Zoom installers infect PCs with RevCode WebMonitor RAT, and this is a reason why the South African Parliament fell prey

The coronavirus lockdown has forced people to work from home. Remote working involves using a variety of video-conferencing and communication tools like Zoom. This has given cybercriminals the perfect opportunity to carry out their malicious activities more aggressively.
That's why Zoom has been actively targeted by hackers in the past few weeks. These attacks involve Zoombombing or spreading malware hidden in fake Zoom apps. And now, Trend Micro has identified yet another attack campaign targeting Zoom presentations and conferences.
According to Trend Micro cybersecurity researchers, cybercriminals are using malicious Zoom installers to distribute RevCode WebMonitor RAT (remote access Trojan). However, researchers have confirmed that these installers, although authentic, do not come from official sources such as Google Play, Apple App Store, or Zoom's official download center.
The infected Zoom installers are available at third-party websites and victims are sent malicious links via phishing emails. This campaign is somewhat similar to another campaign that was discovered in April. In that campaign, legit Zoom installers were used to infect devices with a cryptocurrency miner.
In the new campaign, cybercriminals have repackaged authentic Zoom installers with WebMonitor RAT. When someone downloads ZoomInstaller[.]exe, which contains an uninfected Zoom installer version 4.6 and the malicious RevCode WebMonitor RAT, the device gets infected with the RAT. Upon infection, it allows the attacker to gain remote control of the device and to spy on the user via webcam streaming, keylogging, and screen capturing.
RevCode WebMonitor RAT’s website where hackers sell the software
Amidst rising concerns over the use of Zoom for remote working, Zoom has updated its software to version 5.0, which is touted to be far superior to the older versions in terms of privacy and security.
If you use Zoom, make sure it's updated to the latest version, and only use legitimate distribution channels like Google Play to download Zoom. Moreover, install authentic antivirus software and scan your device with it.
