Cybercriminals are using a sneaky trick to steal your data—disguising dangerous malware as a Zoom app. If you download Zoom from the wrong place, you could unknowingly invite hackers into your computer.
A New Threat is on the Rise
Security experts have found a fake Zoom installer spreading online. Once downloaded, this malware can secretly control your system. It can steal your files and even demand a ransom to return them. The criminals behind this attack are using a website that looks like the real Zoom site. However, the URL is different: zoommanager.com. This is not the official Zoom website.
Windows users are the main targets of this attack. Once the malware is installed, it hides in the system. It waits for the right moment to strike. It does not attack right away. Instead, it stays hidden for days. After that, it launches a full attack. It encrypts files and demands money from the victim.
How the Fake Zoom App Infects Your Computer
This dangerous malware works by tricking people into thinking they are downloading the real Zoom application. The process follows a well-planned sequence:
When users search for Zoom to download it, they might come across a website that looks like the real Zoom page. However, the web address is slightly different. The user may not notice that the URL is not exactly right.
Once the user clicks the download button, two files are downloaded: one is the real Zoom installer, and the other is the malicious software. The malware is designed to avoid detection. It disables Windows Defender, so antivirus software does not flag it.
After the malware is downloaded, it injects itself into a Microsoft system process called MSBuild.exe, making it harder to detect. Unlike many other viruses, this malware does not attack immediately. It stays inactive for several days, waiting to ensure that it hasn’t been discovered.
On the ninth day, the malware activates. It runs Windows commands to gather information about the system and installs hacking tools that let criminals take over the device remotely. This gives the attackers full control of the computer.
Once hackers take control, they can deploy ransomware. This encrypts important files and demands payment. The malware also uses tools to spread across the network. One of these tools is called Cobalt Strike, which helps them move through computers. They also install QDoor, giving them remote access to any infected device.
Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?
The BlackSuit Ransomware Gang Behind the Attack
This malware is linked to BlackSuit ransomware, one of the most dangerous cybercriminal groups operating today. BlackSuit has been responsible for numerous attacks on schools, hospitals, police departments, and businesses across the United States.
In early 2024, the Kershaw County School District in South Carolina was attacked by BlackSuit. The hackers claimed to have stolen 17GB of sensitive files from the district, which serves over 11,000 students and employs more than 1,300 staff members.
In June 2024, multiple car dealerships in the U.S. were forced to shut down their digital systems after a ransomware attack on CDK Global, a company providing software solutions to auto retailers. Businesses had to use pen and paper to continue operations.
Another target was Young Consulting, a software company now known as Connexure, which notified nearly a million individuals about a data breach that exposed their personal information.
With the rise of fake apps like this Zoom malware, users must be more cautious than ever when downloading software. Cybercriminals are getting smarter, and their tactics are more deceptive than ever before. Always double-check the website before downloading anything to avoid becoming the next victim.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
