Installing Zoom with third-party installers can infect your PC/laptop with the RevCode WebMonitor RAT and lead to data theft
The world-famous video conferencing app Zoom suffered a data breach last month and is at risk once again. The global COVID-19 pandemic has forced countries into nationwide lockdowns, and the lockdowns have pushed people into working from home, which in turn means more video conferencing.
There are multiple video conferencing apps, such as Google Meet, Zoom, Microsoft Teams, and many more, but Zoom has emerged as a clear favorite among users. This has given cybercriminals a perfect opportunity to carry out their malicious activities using Zoom.
These attacks involve Zoombombing/Zoomraiding or spreading malware hidden in fake Zoom apps. According to Trend Micro cybersecurity researchers, cybercriminals are using malicious Zoom installers to distribute the RevCode WebMonitor RAT (remote access Trojan).
The researchers also said that these installers, although authentic, don’t come from official sources such as Google Play, the Apple App Store, or Zoom’s official download center.
Instead, the malware is said to be bundled with installers hosted on third-party websites. The victims are sent malicious links via phishing emails. As mentioned above, Zoom also suffered a data breach in April in which Zoom installers were used to infect devices with a cryptocurrency miner.
In this campaign, the cybercriminals have repackaged authentic Zoom installers with the WebMonitor RAT. When someone downloads ZoomInstaller[.]exe, which contains an uninfected Zoom installer version 4.6 and the malicious RevCode WebMonitor RAT, the device gets infected with the RAT.
What is the WebMonitor RAT?
The WebMonitor RAT is a very powerful, user-friendly, easy-to-set-up, and state-of-the-art monitoring tool. WebMonitor is a fully native RAT, meaning it will run on all Windows versions and languages from Windows XP onward, and it is perfectly compatible with all crypters and protectors.
Once this malware is installed on a system, the attacker gains remote control of that system and can spy on the user via webcam streaming, keylogging, and screen capturing.
To avoid this situation, update Zoom to the latest version, which has fixed security errors. Download the Zoom app only from trusted providers such as the Play Store, the App Store, and Zoom’s official website. We also recommend running a security scan with an antivirus product to confirm your system is leak-free.
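
As an added example (not from the original article or from Trend Micro's research), this PowerShell function checks a downloaded installer's Authenticode signature and signer name and reports its SHA-256 before you run the file. The function name and the default publisher string are assumptions; confirm the publisher against an installer taken from Zoom's official download center.

```powershell
# Added example: inspect a downloaded installer before executing it.
# Test-InstallerSignature is a hypothetical helper name, not a built-in cmdlet.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,

        # Assumption: the publisher name expected on the signing certificate.
        # Verify it against a copy downloaded from the official download center.
        [string]$ExpectedPublisher = 'Zoom Video Communications, Inc.'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Authenticode status covers both "is it signed" and "was it altered after signing".
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Unsigned files have no signer certificate, so guard the lookup.
    $signer = ''
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    $validSignature = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    $publisherMatch = $signer -eq $ExpectedPublisher

    [pscustomobject]@{
        Path            = $Path
        Sha256          = $hash
        SignatureStatus = $sig.Status          # e.g. Valid, NotSigned, HashMismatch
        Signer          = $signer
        PublisherMatch  = $publisherMatch
        SafeToRun       = $validSignature -and $publisherMatch
    }
}

# Usage (the path is a constructed sample):
# Test-InstallerSignature -Path "$env:USERPROFILE\Downloads\ZoomInstaller.exe" | Format-List
```

A result of `NotSigned`, `HashMismatch`, or a signer other than the expected publisher is reason to delete the file and download again from the official source; a passing check complements the antivirus scan rather than replacing it.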