Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Crooks leverage Zoom’s popularity in Coronavirus outbreak to serve malware

Online communication platforms such as Zoom are essential instruments at the time of Coronavirus outbreak, and crooks are attempting to exploit their popularity. The Coronavirus outbreak is changing our habits and crooks are attempting to take advantage of the popularity of online communication platforms such as Zoom that are used by businesses, school classrooms and […]

zoom

Online communication platforms such as Zoom are essential instruments at the time of Coronavirus outbreak, and crooks are attempting to exploit their popularity.

The Coronavirus outbreak is changing our habits and crooks are attempting to take advantage of the popularity of online communication platforms such as Zoom that are used by businesses, school classrooms and normal users.

Zoom has over 74,000 customers and 13 million monthly active users, its popularity exploded with the COVID19 outbreak because the platform is used by millions of students, government and private employees.

According to a report published by Check Point, experts observed a significant increase in the number of registrations for new fake “Zoom” domains and malicious “Zoom” executable files, both are evidence of malicious campaigns carried out by experts.

“During the past few weeks, we have witnessed a major increase in new domain registrations with names including “Zoom”, which is one of the most common video communication platforms used around the world.” reads the analysis published by CheckPoint.

“Since the beginning of the year, more than 1700 new domains were registered and 25% of them were registered in the past week. Out of these registered domains, 4% have been found to contain suspicious characteristics.”

Check Point researchers observed over 1,700 new “Zoom” domains that have been registered since the beginning of the Coronavirus outbreak, with 25 percent of them registered in the last week.

Experts have also detected malicious files with names such as “zoom-us-zoom_##########.exe” and “Microsoft-teams_V#mu#D_##########.exe” (# representing various digits). The file acts as a dropper for the InstallCore PUA and could potentially deliver other malicious payloads.

Check Point pointed out that crooks are also targeting other applications widely adopted during this period due to the Coronavirus epidemic, such as Google Classroom.

Threat actors registered malicious domains like googloclassroom[.]com and googieclassroom[.]com to deliver malware.

Below the recommendations published by CheckPoint:

  1. Be cautious with emails and files received from unknown senders, especially if they are offering special deals or discounts.
  2. Don’t open unknown attachments or click on links within the emails.
  3. Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders.
  4. Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
  5. Prevent zero-day attacks with a holistic, end to end cyber architecture.
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – coronavirus, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]