Zoom is a rapidly growing video conferencing service used by more than 200 million users. But the service has been in the news for all the wrong reasons, including security flaws and weaknesses. Now another threat to Zoom users has emerged: hackers are using credential phishing emails to gain access to Zoom users' account details. According to a report, hackers are targeting individuals and businesses in the transportation, manufacturing, technology, business and aerospace sectors in the US.
Due to the ongoing coronavirus epidemic, offices, schools, and other organizations have turned to video conferencing as a means of communication. This has led to a huge increase in the user base of services like Zoom.
An analysis published by Proofpoint found that credential phishing is being used to gain access to user account details. Phishing is the process of tricking and enticing users into sharing their account details.
The report states that hackers are using email to target several areas in the US. The emails come from "admin" accounts such as "R Councilube Admin" or "admin@servewebteam[.]gq", with the subject line "Zoom account". The body of the mail welcomes users to Zoom and gives them a link to activate their account. The link takes the user to a "generic webmail landing page" where they are asked to enter their credentials.
Another Zoom-themed phishing email discovered by Proofpoint tries to entice users with a "missed meeting" message. The mail claims that the user has missed a Zoom meeting and gives a link through which the recipient can check the missed conference. Clicking the link takes the user to a page that looks like an official Zoom page, but Proofpoint says it is a "spoofed page" where the user is asked to enter credentials.
A small campaign targeting manufacturing, industrial, marketing/advertising, technology and IT companies tries to infect users with the ServLoader/NetSupport remote access trojan. The mail thanks the recipient for responding to a fake RFQ (request for quotation) and offers to set up a Zoom call. These emails may carry subject lines such as "[Company] Meeting canceled – can we call zoom", "[Company] – I will not make it to Arizona – Can we talk on Zoom?", "[Company] – I will not make it to Tennessee – Can we talk on Zoom?", and other variations.
It was also found that an attachment sent to a large agricultural firm required the recipient to "enable macros", after which a ServLoader PowerShell script executes and installs NetSupport, a remote-control application.
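A triage heuristic for the lure traits described above (generic "admin" senders, the quoted subject themes, links that lead away from Zoom), added here as an example and not taken from Proofpoint's report. The trusted-domain list, the function names and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = ("zoom.us",)  # assumption: domains your organisation accepts for real Zoom mail and links
THEMES = {  # subject themes taken from the lures described in this article
    "account-activation": re.compile(r"zoom account", re.I),
    "missed-meeting": re.compile(r"missed.*(meeting|conference)", re.I),
    "move-to-zoom": re.compile(r"(cancel+ed|will not make it).*zoom", re.I),
}

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def zoom_lure_findings(raw):
    """Return the reasons a raw RFC 5322 message resembles a Zoom-themed lure."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = "" if msg.is_multipart() else msg.get_payload()  # plain-text bodies only
    findings = [f"subject-theme:{k}" for k, rx in THEMES.items() if rx.search(subject)]
    if not findings and "zoom" not in (subject + name + body).lower():
        return []  # not Zoom-themed, nothing to judge
    sender_domain = addr.rpartition("@")[2]
    if not is_trusted(sender_domain):
        findings.append(f"zoom-themed-from-untrusted-domain:{sender_domain}")
        if "admin" in (name + addr.partition("@")[0]).lower():
            findings.append("generic-admin-sender")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not is_trusted(host):  # exact or subdomain match, so look-alike hosts fail
            findings.append(f"link-off-zoom:{host}")
    return findings

# Constructed sample messages (reserved example domains, not real indicators)
LURE = ("From: Webmail Admin <admin@mail-team.example>\n"
        "Subject: Zoom Account\n\n"
        "Welcome to Zoom. Activate here: http://login.portal.example/activate\n")
BENIGN = ("From: Zoom <no-reply@zoom.us>\n"
          "Subject: Your meeting recording\n\n"
          "View it at https://zoom.us/recording/abc\n")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("benign", BENIGN)):
        print(label, zoom_lure_findings(raw))
```

A message that trips several findings at once is a candidate for quarantine or a user warning banner; a single finding on its own is better treated as a signal for review.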
With most people relying on video conferencing to communicate during the ongoing coronavirus epidemic, threats to their privacy and security are increasing. However, it should be noted that this latest threat is not exclusively Zoom's fault.