Sunday, January 24, 04:47
Home security False Zoom Installers install backdoors on Windows systems

False Zoom Installers install backdoors on Windows systems

Zoom Installers

The hackers exploit various applications teleconferencing, such as Zoom, to infect them systems of victims with malicious software. Researchers security from Trend Micro have discovered two examples of malware that infect Windows systems and are presented as Zoom installers. Malicious Zoom installers are not distributed through official distribution channels.

False Zoom installers

One of these fake Zoom installers installs one backdoor which allows attackers to acquire remote access in Windows computer of the victim. The second is the Devil Shadow botnet.

The first malicious installer is very similar to the official version. Contains encrypted archives that will decrypt the version of malware.

The malware "kills" the current remote utilities during installation, and opens the TCP port 5650 to gain remote access to the infected system.


Furthermore, running an official zoom installer so as not to arouse suspicion.

The second fake Zoom installer is related to Devil Shadow Botnet. The infection starts with the malicious installer, with a file called pyclient.cmd and contains malicious commands.

And in this case, hackers include a copy of the official Zoom installer to deceive victims. The breached app installer develops malicious archives and codes.

Malicious software sends to its C&Cs information collected every 30 seconds when the computer is turned on. More details on fake installers can be found here.

In another hacking campaign, attackers used fake Zoom installers to infect victims with WebMonitor RAT. The infection begins with taking the malicious file ZoomIntsaller.exe from malicious sources.

Due to the pandemic of coronavirus, many companies around the world have asked them employees them to work from home. This new situation has increased the use of teleconferencing applications, something that has not gone unnoticed by cybercriminals.

However, there are some signs showing us that something is wrong. For example, the above Zoom installers hosted on suspicious sites and not in official app stores, such as the Play Store, the App Store, or the Zoom Download Center. Another sign is that malicious installers install and run the "legitimate Zoom installer" more slowly than the real thing program. Malicious versions take longer to execute, after extracting malicious data before the Zoom is executed.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Instagram: How to enable notifications for specific profiles

There are some profiles on Instagram where you want to see the content they publish as soon as possible - it can be a news ...

NASA's historic launch pad is to be demolished

NASA's famous Mobile Launcher Platform-2 launch platform, which has been linked to the Apollo and Space Shuttle missions, ...

Elon Musk: Gives $ 100 million for best CO2 capture technology Ο Elon Musk δήλωσε χθες, στο λογαριασμό του στο Twitter, ότι σκοπεύει να δώσει 100 εκατομμύρια...

How can you unblock sites and services using a VPN?

The Internet is free and open to all. However, there are some sites and services whose content is blocked, which ...

Google Chrome: How to manage your extensions?

Google Chrome extensions can be very useful, as they improve your productivity when using the browser.

Intel CPUs Review: Core i7-10700 vs Core i7-10700K!

Over the years, the Intel series of processors (CPUs) introduced the series of overclocking models "K" and more recently the series ...

The DeLorean can return as an electric car

The DMC DeLorean has been out of production for almost 40 years, but it looks like the iconic vehicle will return as an electric car.

Windows RDP servers are used to support DDoS

Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to reinforce the unwanted ...

SEPA: He refused to pay a ransom and thousands of files were leaked

Thousands of stolen files of the Scottish Environmental Protection Agency (SEPA) have been published by hackers, after the organization refused to pay the ransom ...

Fines at Valve, Capcom and Zenimax for geo-exclusion of games

Following a European Commission investigation, a group of video game publishers was fined € 7,8 million following allegations of geo-exclusion practices. In...