Six malicious websites have been discovered which claim to offer downloads of Zoom, but contain nothing but the Vidar stealer malware.
The popularity of Zoom – a video meeting application – has exploded in the post-Covid landscape we find ourselves living in. No longer do people need to travel for face-to-face meetings, they can now be conveniently arranged and carried out over video. Accordingly, the demand for Zoom is huge, with around 485 million downloads completed since 2020. Due to this popularity, a gang of cybercriminals have decided to use Zoom as the bait for downloading the Vidar stealer.
As your employees are likely to consider a Zoom install safe, it’s important that we delve a little deeper and demonstrate why it may be far from safe.
Beware of Fake Zoom Sites
Vidar has been an active threat for some time now, but this latest attack is a new campaign and carries a number of unique threats. The six sites, discovered by Cyble Research, use a variety of URLs such as ‘zoom-download’ and ‘zoomus’ to appear legitimate. And, if you visit one of these sites, the visual aesthetics are remarkably similar to the official Zoom website, but this is where all similarities end.
Attempting to download the Zoom application from these malicious sites will, instead, redirect you to a GitHub file depository. From here, two files will be downloaded to your temporary folder:
- ZOOMIN~1.exe: this is a genuine Zoom installer which is included to create a front that nothing untoward is taking place.
- Decoder.exe: this is the malicious file which injects Vidar’s ability to steal into the Microsoft Build Engine. With this infection in place, Vidar is then able to contact remote Command and Control servers and begin transmitting data from the infected PC.
Like most stealer malware, Vidar concentrates on extracting confidential data such as login credentials, network details and whether any further vulnerabilities are present in the IT infrastructure. If vulnerabilities are detected, then it’s highly likely these will be logged and sold by criminal gangs. Protecting yourself against Vidar, therefore, is crucial.
How to Avoid Having Your Data Stolen
The mechanics of the Vidar Zoom threat are relatively common in the world of malware, so it’s likely you will run into a similar threat at some point. The best way to protect your PCs is by following these practices:
- Always Verify Websites: Vidar’s latest attack relies on poor judgement from its intended victims, the main error coming when they assume that the malicious website is genuine. Many antivirus suites contain tools which allow search results to be rated as to their level of safety, and there is also the option for these tools to present warning screens before accessing sites deemed unsafe. If these are unavailable, and you need to download some software, reach out to your IT team instead.
- Install Updates: Vidar is keen on logging any vulnerabilities contained within your PC, so it makes sense to limit these vulnerabilities. The best way to achieve this is by always installing updates as soon as they are available.
- Segment Your Network: to protect your data, it makes sense to adopt network segmentation. This procedure divides your network into different segments and allows you to keep them separate. Therefore, if one segment is breached, the others will remain protected, and this allows you to limit the spread of the malware.
For more ways to secure and optimize your business technology, contact your local IT professionals.
