Six malicious websites have been discovered which claim to offer downloads of Zoom, but contain nothing but the Vidar stealer malware.

The popularity of Zoom – a video meeting application – has exploded in the post-Covid landscape we find ourselves living in. No longer do people need to travel for face-to-face meetings, they can now be conveniently arranged and carried out over video. Accordingly, the demand for Zoom is huge, with around 485 million downloads completed since 2020. Due to this popularity, a gang of cybercriminals have decided to use Zoom as the bait for downloading the Vidar stealer.

As your employees are likely to consider a Zoom install safe, it’s important that we delve a little deeper and demonstrate why it may be far from safe.

Beware of Fake Zoom Sites

Vidar has been an active threat for some time now, but this latest attack is a new campaign and carries a number of unique threats. The six sites, discovered by Cyble Research, use a variety of URLs such as ‘zoom-download’ and ‘zoomus’ to appear legitimate. And, if you visit one of these sites, the visual aesthetics are remarkably similar to the official Zoom website, but this is where all similarities end.

Attempting to download the Zoom application from these malicious sites will, instead, redirect you to a GitHub file depository. From here, two files will be downloaded to your temporary folder:

  • ZOOMIN~1.exe: this is a genuine Zoom installer which is included to create a front that nothing untoward is taking place.
  • Decoder.exe: this is the malicious file which injects Vidar’s ability to steal into the Microsoft Build Engine. With this infection in place, Vidar is then able to contact remote Command and Control servers and begin transmitting data from the infected PC.

Like most stealer malware, Vidar concentrates on extracting confidential data such as login credentials, network details and whether any further vulnerabilities are present in the IT infrastructure. If vulnerabilities are detected, then it’s highly likely these will be logged and sold by criminal gangs. Protecting yourself against Vidar, therefore, is crucial.

How to Avoid Having Your Data Stolen

The mechanics of the Vidar Zoom threat are relatively common in the world of malware, so it’s likely you will run into a similar threat at some point. The best way to protect your PCs is by following these practices:

  • Always Verify Websites: Vidar’s latest attack relies on poor judgement from its intended victims, the main error coming when they assume that the malicious website is genuine. Many antivirus suites contain tools which allow search results to be rated as to their level of safety, and there is also the option for these tools to present warning screens before accessing sites deemed unsafe. If these are unavailable, and you need to download some software, reach out to your IT team instead.
  • Install Updates: Vidar is keen on logging any vulnerabilities contained within your PC, so it makes sense to limit these vulnerabilities. The best way to achieve this is by always installing updates as soon as they are available.
  • Segment Your Network: to protect your data, it makes sense to adopt network segmentation. This procedure divides your network into different segments and allows you to keep them separate. Therefore, if one segment is breached, the others will remain protected, and this allows you to limit the spread of the malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Following the discovering of a malware campaign spreading through YouTube channels, it appears that no corner of the internet is immune from hackers.

It’s increasingly common for businesses to run a YouTube channel as part of their marketing efforts, with over 60% of businesses regularly uploading videos. And with YouTube regularly attracting 5 billion daily video views, you can see why it’s an attractive target for threat actors. Thankfully, you can’t be hacked simply by watching a video on YouTube. However, you do need to consider the legitimacy of each video’s content and, more importantly, how safe the embedded links within these videos are.

How Does YouTube Spread Malware?

This latest threat to online safety appears, at present, to be concentrating on YouTube gaming channels, with a specific focus on those which cover games including Final Fantasy, FIFA and Spider-Man. The malware involved is what’s known as a malware bundle i.e. it contains several different strains of malware, with RedLine being the most dominant piece of malware.

The malware spreads through YouTube by uploading malicious videos to infected channels. These malicious videos may appear to be on-brand with the channel e.g. links to cheats for FIFA, but the payload will actually be the same malware which has infected the channel. Therefore, this malware bundle can spread through numerous niche-specific channels by using the same content.

What Does the Malware Bundle Do?

The malware contained within this attack comprises several different attack methods:

  • RedLine: the most substantial piece of malware found in the attack, RedLine harvests confidential data from those it infects e.g. downloading login credentials, accessing cryptocurrency wallets and extracting data entered into web browsers.
  • NirCmd: this application is, in fact, a genuine piece of software, but it’s one which provides the threat actors with a layer of stealth. Once activated, NirCmd conceals the activities of the malware it’s bundled with and makes the attack difficult to identify.
  • Cryptominer: interestingly, a cryptominer which hijacks the resources of the victim’s graphics card is also included. This is considered interesting as the attack targets gamers, a demographic who are likely to possess powerful graphics cards.

Staying Safe on YouTube

YouTube is a crucial asset in the business world, but this recent attack demonstrates it also carries security risks. Your organization may not run a gaming channel, but it’s likely this template will soon be replicated in other niches. Accordingly, it’s essential that you follow these two important practices:

  • Doublecheck links: when viewing videos on YouTube, it’s vital that you treat their links in the same way you would in an email. Always hover your mouse over any links (and that includes those in the video description) to reveal the true destination, copy and paste links into Google to highlight any existing concerns and, finally, ask an IT professional to verify them before clicking.
  • Regularly check your video library: if your organization hosts a YouTube channel, it’s recommended you keep an eye on the videos uploaded to it. The sudden appearance of videos you have no record of uploading may be the only indicator you have that your channel has been hacked.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Internet networks all over Iran are being shut down amid a series of protests in the country over women’s rights. However, the internet is fighting back.

Following the death of a young woman, who was being held by Tehran’s morality police for not properly wearing her hijab, protestors have been taking to the streets of Iran to demonstrate. Several internet networks already appear to have been closed down, and many services such as Instagram and WhatsApp are unavailable to those on mobile networks. And it’s not the first time that Iran has restricted public access to the internet. November 2019 saw a complete shutdown of the internet in Iran, again following protests in the country.

But the beauty of the internet is that it’s innovative and capable of adapting to any situation. As a result, the people of Iran have the chance to circumnavigate the restrictions put in place by their government.

How is Iran Accessing the Internet

To provide Iranians with freedom of speech, several groups have ensured that internet access in Iran is a reality. The main methods of access to get around the internet shutdown are:

  • Tor Browser: tapping into the need for online anonymity, the Tor browser has been encrypting the online activities of its users since 2008. It achieves this by using multiple layers of encryption known as ‘onion routing’. This method allows Tor to re-route traffic through numerous relay servers and conceal the true source and destination of any data transmitted. Taking this anonymity further, the developers of Tor are recommending that Tor bridges are set up – these are secret Tor relays which hide any evidence of being connected to a Tor network.
  • VPN: one of the most common ways to access the internet anonymously is through a virtual private network (VPN), and this is perfect for the current issues faced by those in Iran. A VPN works by creating a private network across an existing public network. This private network allows users to conceal their identity and location while accessing a local, public network. So, for example, a PC user in Iran could access the internet by rerouting their internet traffic through a server in the US.

Final Thoughts

The suppression of the internet in Iran is clearly a troubling blow for freedom and information. However, the solutions provided so far have allowed Iranians to have a voice. Instead of being silenced, the protestors are now able to upload evidence of the social upheaval taking place. This evidence is now spreading around the world and providing a more honest appraisal of the situation. And this breakthrough has been made possible by the decentralized nature of the modern internet.

Read More


It’s impossible for a PC to be 100% secure, but there’s nothing to stop you strengthening the defenses of your PC.

With cyberattacks on small businesses at an all-time high, there’s never been a more important time to strengthen your PC’s security. However, as ever, budgets are a crucial factor in achieving this. Thankfully, investing thousands upon thousands of dollars isn’t your only option (although it certainly helps) as simpler solutions are available. Many of these are processes which are either overlooked or simply unknown to most PC users. But the enhanced security they offer is unarguable. Therefore, it’s time integrate these 7 quick tips to improve the security of your PC:

  1. Automatic updates: software vulnerabilities are a sure-fire way to open your IT infrastructure to the world, so it’s vital you install updates as soon as possible. Installing updates, though, is far from glamorous and this is why many PC users fail to install them when available. Luckily, it’s possible to implement automatic updates in Windows to take the pain out of this process.
  • Never write down your passwords: it may be one of the biggest sins when it comes to PC security, but PC passwords are routinely written down in every single business in the world. And it’s a practice which needs to stop. The only place passwords should ever be stored is in either your memory or a password manager.
  • Shut your PC down: when you’ve finished on your PC for the day, you should always shut it down. It may be tempting to leave it running, so that you can start straight away again the next day, but all this does is label your PC as a sitting duck for hackers.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


A new malware threat has been discovered which uses the public excitement around the Webb telescope to deliver a phishing scam.

The first image to be released by the Webb telescope project was entitled SMACS 0723, and its new, stunning view of the galaxy created headlines around the world. However, it’s this level of interest which has led to hackers using it as bait. The image is used as part of an email phishing scam and, unfortunately, fails to highlight the wonders of space. Instead, it compromises a PC and leaves it at risk of further attacks.

Phishing scams are a contemporary irritant in the IT security world, so we’re going to delve deeper into this one and see what we can do to help protect your PC.

The Threat from Outer Space

This latest strain of malware has been given the rather complex name of GO#WEBBFUSCATOR but the way in which it operates is simple. Security experts Securonix have discovered a phishing email – described as one promoting satellite service plans – which contains an infected Microsoft Office document. If this document is downloaded and opened, the malware will – if Word macros are enabled – begin to release its payload.

The malware begins by downloading the SMACS 0723 image, but this image is far from innocent as it contains hidden Base64 code. With this code activated, the infected PC is then systematically tested for vulnerabilities and weaknesses. Once these have been detected and analyzed, the hackers begin a campaign of exploitation to take control of the PC. It’s also interesting to note that the computer language behind this malicious code is constructed from Go, a cross-platform language which highlights the scope of the threat actors behind GO#WEBBFUSCATOR.

Staying Safe on Planet Earth

The number of vulnerabilities this malware targets, along with its deceptive approach, make it a powerful weapon for hackers. Therefore, protecting yourself against its dangers is paramount and you must make sure you:

  • Monitor network activity: once malware such as GO#WEBBFUSCATOR has made its way onto your PC, it’s likely that you will notice a surge in unusual activity on your network e.g. increased traffic and downloads. And this is likely to be one of the only signs you receive, so it pays to keep a close eye on any spikes in network activity.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More