In addition, the malware also injects itself into MSBuild.exe and retrieves the IP address hosting the DLL and configuration data. However, if a visitor is caught clicking on a fake application, they will receive two binaries in the temp folder: ZOOMIN-1.EXE and Decoder.exe. Upon opening the site, visitors will be directed to a GitHub URL indicating which app they can download. It is claimed that until now everything is still operating. We have seen many breaches where thief logs have provided the necessary early access to the victim's network."Ĭiting TechRadar, Monday, September 26, the researchers found six sites that address, zoom-download(dot)host, zoom-download(dot)space, zoom-download(dot)fun, zoomus(dot)host, zoomus(dot) tech, and zoomus(dot)website. "Thieve logs can provide access to compromised endpoints, which are sold on the cybercrime marketplace. "Based on our recent observations, (criminals) are actively running several campaigns to spread information thieves," said the Cyble researchers. One of the ones the researchers found was a type of Vidar Stealer, which is capable of stealing banking information, stored passwords, browser history, IP addresses, details about cryptocurrency wallets and other information. This was first noticed by researchers from Cyble who discovered a broad campaign targeting Zoom users.Ĭyble is a global cyber intelligence start-up, where they have found six fake websites that host various infostealers, namely malware that tries to steal information and other malware variants. Many online criminals create fake websites out there to spread all kinds of viruses and malware. However, online criminals also take advantage of this situation to commit fraud. JAKARTA - The popularity of video conferencing applications such as Zoom is still in great demand and needed, because some companies are still implementing Work From Home (WFH).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |