Sunday, June 7, 02:56

Fake Zoom installers infect computers with WebMonitor RAT!

Because of the coronavirus pandemic, many companies around the world have asked their employees to work from home, which has greatly increased the use of teleconferencing applications. Cybercriminals are increasingly taking advantage of the conditions created by the pandemic by targeting such applications. Researchers from Trend Micro found a new campaign that uses many popular messaging apps, including Zoom. Specifically, in this new campaign, intruders used fake Zoom installers to infect computers with the WebMonitor RAT malware.

The infection starts when the user downloads the malicious ZoomIntsaller.exe file from malicious sources. When the malicious file is executed, it creates a copy of itself named Zoom.exe, and to run Zoom.exe it opens the notepad.exe process. Once this is done, it connects to the remote C2 server and executes the following commands:

  • Add, delete and modify files and registry information
  • Close connections
  • Get software and hardware information
  • Download webcam drivers / snapshot
  • Record audio and log keystrokes
  • Start, suspend and terminate processes and services
  • Screen start / stop
  • Start / stop wireless access point

It also drops the Zoom.vbs file into the startup folder so that it runs automatically when the system boots. The process terminates itself if computer security tools are detected or if files named Malware, Sample and sandbox are found. In addition, the malware may collect information about:

  • The battery
  • The computer
  • The desktop screen
  • The memory
  • The configuration of the network adapter
  • The operating system (OS)
  • The processor
  • The video controller
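
As an added example (not from the original article or from Trend Micro), the behaviours described above can be turned into a small host-triage check over process-creation and file-creation events. The event dictionary format, the sample paths and the `behaviours`/`triage` names are assumptions made for illustration; only the file names ZoomIntsaller.exe, Zoom.exe, notepad.exe and Zoom.vbs come from the text.

```python
import ntpath
import re

# Standard Windows Startup folder suffix (per-user and all-users).
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\", re.IGNORECASE)

def _name(path):
    return ntpath.basename(path).lower()

def behaviours(events):
    """Return which behaviours from the write-up appear in one host's ordered events."""
    hits, copies = set(), set()  # copies: Zoom.exe paths the fake installer wrote
    for ev in events:
        if ev["type"] == "file_create":
            target = ev["target"]
            if _name(target) == "zoom.vbs" and STARTUP_RE.search(target):
                hits.add("startup_vbs")
            if _name(target) == "zoom.exe" and _name(ev["image"]) == "zoomintsaller.exe":
                hits.add("self_copy")
                copies.add(target.lower())
        elif ev["type"] == "process_create":
            parent = ev["parent"]
            if _name(ev["image"]) == "zoomintsaller.exe":
                hits.add("misspelled_installer")
            # Assumption: notepad.exe is started by the installer or by its copy.
            launcher_ok = _name(parent) == "zoomintsaller.exe" or parent.lower() in copies
            if _name(ev["image"]) == "notepad.exe" and launcher_ok:
                hits.add("notepad_launch")
    return hits

def triage(events):
    # Two or more distinct behaviours mean alert; a single one means manual review.
    n = len(behaviours(events))
    return "alert" if n >= 2 else "review" if n == 1 else "clean"

U = "C:\\Users\\alice"  # constructed sample data, not real telemetry
INFECTED = [
    {"type": "process_create", "image": U + "\\Downloads\\ZoomIntsaller.exe", "parent": "C:\\Windows\\explorer.exe"},
    {"type": "file_create", "image": U + "\\Downloads\\ZoomIntsaller.exe", "target": U + "\\AppData\\Roaming\\Zoom.exe"},
    {"type": "process_create", "image": "C:\\Windows\\System32\\notepad.exe", "parent": U + "\\AppData\\Roaming\\Zoom.exe"},
    {"type": "file_create", "image": U + "\\AppData\\Roaming\\Zoom.exe", "target": U + "\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Zoom.vbs"},
]
BENIGN = [  # correctly spelled installer, notepad opened by the user
    {"type": "process_create", "image": U + "\\Downloads\\ZoomInstaller.exe", "parent": "C:\\Windows\\explorer.exe"},
    {"type": "file_create", "image": U + "\\Downloads\\ZoomInstaller.exe", "target": U + "\\AppData\\Roaming\\Zoom\\bin\\Zoom.exe"},
    {"type": "process_create", "image": "C:\\Windows\\System32\\notepad.exe", "parent": "C:\\Windows\\explorer.exe"},
]

if __name__ == "__main__":
    print(triage(INFECTED), triage(BENIGN))
```

File names are trivial for an attacker to change, so a check like this is a triage aid for this specific campaign rather than a durable detection.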

Recently, a new phishing campaign attempted to steal employees' login credentials by spoofing Microsoft Teams notifications. A new Zoom-themed email phishing campaign also took place this month, urging recipients to attend a Zoom meeting where employees are expected to be notified that their contracts will be suspended or terminated. Cybercriminals continue to exploit the coronavirus pandemic to carry out various attacks, which may include malware, phishing, fraud and misinformation campaigns.


Pohackontas