Showing posts with the label Zoom

Computers Infected with Fake Zoom Installers with WebMonitor RAT!!!

Due to the coronavirus pandemic, many companies around the world have asked employees to work from home, which has increased the use of video conferencing apps. Researchers from Trend Micro observed a new campaign that leverages several popular messaging apps, including Zoom.

WebMonitor RAT Campaign

In the new campaign, attackers repackaged the legitimate Zoom installer with WebMonitor RAT. The infection starts with downloading the malicious file ZoomIntsaller.exe from malicious sources. When run, the malicious file drops a copy of itself named Zoom.exe and opens the process notepad.exe to execute Zoom.exe. Once executed, it connects to the remote C2 server and executes the following commands: add, delete, and change files and registry information; close connections; get software and hardware information; get webcam drivers/snapshot; record audio and log keystrokes; start, suspend, and terminate processes and services; start/stop screen stream; start/stop Wire...

New Zoom Flaw Lets Hackers Record Meetings Anonymously Even When Recording Is Disabled

A new Zoom flaw lets hackers record Zoom meeting sessions and capture the chat text without the knowledge of meeting participants, even though the host has disabled the recording option for the participants. Zoom is an online video communication platform that has features such as video conferencing, online meetings, chat, and mobile collaboration.

Zoom Malware Injection Process

Security researchers from Morphisec Labs observed a new vulnerability that lets malware inject itself into the Zoom process without any interaction, even when the recording option is disabled for the user. At the time of recording, none of the participants are aware that the session is being recorded, and the Zoom malware has full control over the outputs. This opens a way for hackers to spy on Zoom sessions, as hackers have already started selling thousands of Compromised Usernames and Passwords of Zoom Accounts Listed on Dark Web Forum. “Furthermore, Zoom is usually a trusted application; turning it into an info-stealer in...

Unpatched Zoom App Bug Lets Hackers Steal Your Windows Password

Zoom has been around for nine years, but the immediate need for an easy-to-use video conferencing app during the coronavirus pandemic made it a favorite tool for millions of people overnight. Though Zoom is an efficient online video meeting solution, it's still not the best choice in terms of privacy and security. According to the latest finding by cybersecurity expert @_g0dmode, which was also confirmed by researcher Matthew Hickey and Mohamed A. Baset, the Zoom client for Windows is vulnerable to the 'UNC path injection' vulnerability that could let remote attackers steal login credentials for victims' Windows systems.

The attack involves the SMBRelay technique wherein Windows automatically exposes a user's login username and NTLM password hashes to a remote SMB server when attempting to connect and download a file hosted on it. The attack is possible only because Zoom for Windows supports remote UNC paths, which converts such potentially insec...