Zoom has been in the news recently owing to a string of security issues in its app. While the company addressed most of them, it could not stop attackers from trading on the app's fame. With Zoom's popularity surging during COVID-19, cybercriminals have bundled a seemingly legitimate Zoom installer with a cryptominer to exploit users.
Researchers from Trend Micro have found cybercriminals distributing the Zoom installer bundled with a cryptominer. As their post explains, the attackers repackaged the legitimate Zoom installer with Coinminer and made the bundle available on unofficial websites.
In brief, when a user downloads the Zoom app from one of these malicious third-party websites, the malware arrives on the device together with the installer. The bundled, AutoIt-compiled malware, detected as Trojan.Win32.MOOZ.THCCABO, drops numerous files onto the device, most of which carry Coinminer. The dropped files also include a task scheduler component and the legitimate Zoom installer for version 22.214.171.124, so the victim still gets a working Zoom and has little reason to suspect anything.
The malware then gathers details about the target device: the operating system, GPU, CPU, video controllers, and processors, information a miner can use to tailor its workload to the available hardware.
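As an added example, not from the article and not Trend Micro's code: detection logic a SOC could run over endpoint process-creation events to flag the dropper behaviour described above, namely an unsigned Zoom-named executable that launches the vendor-signed installer as a decoy, registers a scheduled task from a user-writable path, and enumerates CPU/GPU details. The event record layout, the Zoom publisher string, the use of schtasks.exe for the task and wmic.exe for the hardware queries, and the sample events are all assumptions constructed for illustration.

```python
# Added example (not from the article or Trend Micro): heuristic detection of the
# bundled-installer pattern over process-creation events. Event layout, publisher
# string, schtasks/wmic usage and sample data are constructed assumptions.
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str              # full path of the executable as logged
    cmdline: str            # command line as logged
    signer: Optional[str]   # Authenticode publisher reported by the agent; None if unsigned


# Assumed publisher string; adjust to what your endpoint agent actually reports.
VENDOR_SIGNER = "Zoom Video Communications, Inc."

# Substrings of typical wmic/WMI hardware queries (assumption: recon is done via WMI).
HARDWARE_QUERY_MARKERS = ("win32_videocontroller", "win32_processor", "cpu get", "os get")

USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")

MIN_REASONS = 3  # independent indicators a process needs before it is flagged


def children_of(events: List[ProcessEvent], pid: int) -> List[ProcessEvent]:
    return [e for e in events if e.ppid == pid]


def wrapper_indicators(root: ProcessEvent, events: List[ProcessEvent]) -> List[str]:
    """Return the indicators that make `root` look like the dropper; empty if none."""
    reasons: List[str] = []
    kids = children_of(events, root.pid)

    # 1. A Zoom-named executable that is not signed by Zoom.
    if "zoom" in root.image.lower() and root.signer != VENDOR_SIGNER:
        reasons.append("zoom-named executable not signed by the expected publisher")

    # 2. It launches the genuinely signed installer as a decoy.
    if any(k.signer == VENDOR_SIGNER for k in kids):
        reasons.append("spawns a vendor-signed installer as a child process")

    # 3. It registers a scheduled task whose action lives in a user-writable path.
    for k in kids:
        cl = k.cmdline.lower()
        if (k.image.lower().endswith("schtasks.exe") and "/create" in cl
                and any(m in cl for m in USER_WRITABLE_MARKERS)):
            reasons.append("creates a scheduled task pointing into a user-writable path")
            break

    # 4. It enumerates OS/CPU/GPU details.
    queried = sorted({m for k in kids for m in HARDWARE_QUERY_MARKERS if m in k.cmdline.lower()})
    if queried:
        reasons.append("enumerates hardware via: " + ", ".join(queried))

    return reasons


def detect(events: List[ProcessEvent]) -> Dict[int, List[str]]:
    """Map each flagged root pid to the indicators that fired for it."""
    findings: Dict[int, List[str]] = {}
    for e in events:
        reasons = wrapper_indicators(e, events)
        if len(reasons) >= MIN_REASONS:
            findings[e.pid] = reasons
    return findings


# Constructed sample: pid 200 is the unsigned wrapper from a third-party site;
# pid 300 is the genuine installer run directly, included to show it is not flagged.
SAMPLE_EVENTS = [
    ProcessEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe", "Microsoft Windows"),
    ProcessEvent(200, 100, r"C:\Users\alice\Downloads\ZoomInstaller.exe", "ZoomInstaller.exe", None),
    ProcessEvent(201, 200, r"C:\Users\alice\AppData\Local\Temp\ZoomInstaller.exe",
                 "ZoomInstaller.exe", VENDOR_SIGNER),
    ProcessEvent(202, 200, r"C:\Windows\System32\schtasks.exe",
                 r"schtasks.exe /create /sc minute /mo 1 /tn Update "
                 r"/tr C:\Users\alice\AppData\Local\Temp\helper.exe /f", "Microsoft Windows"),
    ProcessEvent(203, 200, r"C:\Windows\System32\wbem\WMIC.exe",
                 "wmic path win32_videocontroller get name", "Microsoft Windows"),
    ProcessEvent(204, 200, r"C:\Windows\System32\wbem\WMIC.exe", "wmic cpu get name", "Microsoft Windows"),
    ProcessEvent(300, 100, r"C:\Users\alice\Downloads\ZoomInstaller.exe", "ZoomInstaller.exe", VENDOR_SIGNER),
    ProcessEvent(301, 300, r"C:\Users\alice\AppData\Roaming\Zoom\bin\Zoom.exe", "Zoom.exe", VENDOR_SIGNER),
]


if __name__ == "__main__":
    for pid, reasons in detect(SAMPLE_EVENTS).items():
        print(f"pid {pid} flagged:")
        for r in reasons:
            print("  -", r)
```

The threshold matters: a legitimate installer also spawns vendor-signed children, so indicator 2 on its own is noise. What separates the wrapper is the combination of an unsigned Zoom-named parent, persistence from a user-writable path, and hardware enumeration, which is why the sample's genuine installer (pid 300) stays clean while the bundle (pid 200) is flagged on all four indicators.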