Fake Zoom meeting silently installs surveillance software, says Malwarebytes

Employees are tricked by what looks like a popup fix for a bad meeting connection.

The latest fake Zoom meeting scam silently pushes surveillance software onto the Windows computers of unwitting employees.

That’s according to researchers at Malwarebytes, who warn that staff falling for the scam land in a convincing imitation of a Zoom video call. Moments later, an automatic “Update Available” countdown downloads a malicious installer, without asking permission.

The software installed is a covert build of Teramind, a commercial monitoring tool companies use to record what employees do on work computers. Many anti-malware solutions may not catch it because it looks like a legitimate application. But in the hands of a threat actor it’s gold: it logs keystrokes, takes screenshots at regular intervals, records which websites were visited and which applications were opened, captures clipboard contents and tracks email and file activity.

David Shipley, CEO of awareness training provider Beauceron Security, agreed that employee training about fake Zoom invites is essential.

“Our research has shown that the two top reasons people click on a phishing link are that it looked legitimate and they were expecting something similar,” he said. “Thanks to AI, phishes look better than ever and can be more precisely targeted.”

The key when teaching people isn’t just offering the traditional advice around checking the sender, subject line, or link, he added; 40% of people don’t even think before they click.

“The key is teaching people to slow down with e-mail (or any communication tool the outside world can send messages to) and to always ask the following questions: ‘Do I know who is sending me this? Am I expecting it from this person? Does it feel off?’”

The second teaching point, he said, is to remind staff to report if, after clicking on a Zoom email invite, it does something new, like installing software.

Read the Full Story at CSO Online
