These fake Zoom websites want to trick you into downloading malware

By Mobile Malls, September 23, 2022

If you are looking to download the video conferencing platform Zoom, double-check the web address you are downloading from, because there are plenty of fake websites out there spreading all kinds of nasty viruses and malware.

Researchers from Cyble have been investigating reports of a widespread campaign targeting would-be Zoom users, and have so far uncovered six fake installation sites that host various infostealers and other malware variants.

One of the infostealers uncovered was Vidar Stealer, capable of stealing banking information, saved passwords, browser history, IP addresses, details about cryptocurrency wallets and, in some cases, MFA information as well.

Multiple campaigns

"Based on our recent observations, [criminals] actively run multiple campaigns to spread information stealers," the researchers said. "Stealer logs can provide access to compromised endpoints, which are sold on cybercrime marketplaces. We have seen several breaches where stealer logs have provided the necessary initial access to the victim's network."

The six sites uncovered are zoom-download[.]host, zoom-download[.]space, zoom-download[.]fun, zoomus[.]host, zoomus[.]tech and zoomus[.]website, and, according to The Register, they are still operational.

Visitors are redirected to a GitHub URL that shows which applications they can download. If the victim chooses the malicious one, two binaries are written to the temp folder: ZOOMIN-1.EXE and Decoder.exe. The malware also injects itself into MSBuild.exe and pulls the IP addresses hosting its DLLs, as well as configuration data, the researchers said.
"We found that this malware had overlapping Tactics, Techniques, and Procedures (TTPs) with Vidar Stealer," the researchers wrote, adding that, like Vidar Stealer, "this malware payload hides the C&C IP address in the Telegram description. The rest of the infection techniques appear to be similar."

The best way to avoid this malware is to double-check where you are getting your Zoom packages from: only download the client from Zoom's own domain, and treat any lookalike domain, whatever it redirects to, as untrusted.

Via: The Register
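The following is an added example, not code from the article, from Cyble or from The Register. It turns the advice above into two checks a practitioner could drop into a download-allowlist or a log pipeline: a URL check that accepts only HTTPS downloads from Zoom's own domain (assumed here to be zoom.us and its subdomains) and rejects lookalikes, user-info tricks and suffix tricks; and an event scanner that looks for the indicators the article names (the six lookalike domains, the two binaries dropped into the temp folder, and MSBuild.exe started by a binary in a temp folder, which is a heuristic for the injection the article describes rather than a signature from the report). The key=value log format and the sample events are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: Zoom's legitimate client downloads come from
# zoom.us and its subdomains. Any other host is treated as untrusted.
LEGIT_ZOOM_DOMAIN = "zoom.us"

# The six lookalike domains from the article, defanged as printed there.
FAKE_ZOOM_DOMAINS = (
    "zoom-download[.]host", "zoom-download[.]space", "zoom-download[.]fun",
    "zoomus[.]host", "zoomus[.]tech", "zoomus[.]website",
)

# The two binaries the article says are dropped into the temp folder.
DROPPED_BINARIES = ("zoomin-1.exe", "decoder.exe")

# Hypothetical log format for this example: one event per line, fields as
# key=value separated by spaces, values optionally double-quoted.
_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def refang(domain: str) -> str:
    """Turn 'zoomus[.]host' into 'zoomus.host' for matching against live data."""
    return domain.replace("[.]", ".").lower()


def is_legit_zoom_download(url: str) -> bool:
    """True only for https URLs whose host is zoom.us or a subdomain of it.

    The subdomain test uses a dotted suffix, so 'zoom.us.evil.example' and
    'zoomus.host' both fail; urlsplit().hostname drops user-info, so
    'https://zoom.us@evil.example/' resolves to evil.example and fails too.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False
    host = parts.hostname  # already lowercased, user-info and port removed
    if not host:
        return False
    host = host.rstrip(".")
    return host == LEGIT_ZOOM_DOMAIN or host.endswith("." + LEGIT_ZOOM_DOMAIN)


def parse_event(line: str) -> dict:
    """Parse one key=value line into a dict with lowercased keys and values."""
    return {k.lower(): v.strip('"').lower() for k, v in _FIELD.findall(line)}


def scan_event(line: str) -> list:
    """Return the IOC tags a single event matches (empty list if none)."""
    ev = parse_event(line)
    hits = []

    # 1. DNS/HTTP events naming one of the fake download sites.
    host = ev.get("host") or ev.get("queryname", "")
    for d in FAKE_ZOOM_DOMAINS:
        rd = refang(d)
        if host == rd or host.endswith("." + rd):
            hits.append("fake-domain:" + d)

    # 2. File-create events for the dropped binaries under a temp folder.
    target = ev.get("targetfilename", "")
    name = target.rsplit("\\", 1)[-1]
    if "\\temp\\" in target and name in DROPPED_BINARIES:
        hits.append("dropped-binary:" + name)

    # 3. Process-create events: MSBuild.exe whose parent lives in a temp
    #    folder. Heuristic for the injection described, not from the report.
    image = ev.get("image", "")
    parent = ev.get("parentimage", "")
    if image.endswith("\\msbuild.exe") and "\\temp\\" in parent:
        hits.append("msbuild-from-temp:" + parent.rsplit("\\", 1)[-1])

    return hits


def scan_log(lines) -> dict:
    """Map each matching line number (1-based) to its list of IOC tags."""
    result = {}
    for n, line in enumerate(lines, 1):
        hits = scan_event(line)
        if hits:
            result[n] = hits
    return result


# Constructed sample events for demonstration; not real telemetry.
SAMPLE_LOG = [
    r'EventID=22 QueryName=zoom-download.fun Image="C:\Program Files\Mozilla Firefox\firefox.exe"',
    r'EventID=11 TargetFilename="C:\Users\bob\AppData\Local\Temp\ZOOMIN-1.EXE"',
    r'EventID=11 TargetFilename="C:\Users\bob\AppData\Local\Temp\Decoder.exe"',
    r'EventID=1 Image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" ParentImage="C:\Users\bob\AppData\Local\Temp\ZOOMIN-1.EXE"',
    r'EventID=22 QueryName=cdn.zoom.us Image="C:\Program Files\Mozilla Firefox\firefox.exe"',
    r'EventID=1 Image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" ParentImage="C:\Program Files\dotnet\dotnet.exe"',
]

if __name__ == "__main__":
    for url in ("https://zoom.us/download", "https://zoomus.host/",
                "https://zoom.us@zoom-download.host/"):
        print(url, "legit" if is_legit_zoom_download(url) else "UNTRUSTED")
    for n, tags in scan_log(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(tags)}")
```

The URL check deliberately refuses plain http and anything outside a dotted suffix of the legitimate domain; the two benign sample events (a cdn.zoom.us lookup and MSBuild.exe launched by dotnet.exe) produce no hits, which is the false-positive case the MSBuild heuristic has to survive on a developer workstation.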