Numerous fraudulent websites are impersonating Zoom to infect victims' devices with malware. A new campaign mimics the Zoom homepage, using identical designs, user experience, and buttons to entice people to download the app. When the user installs the software package that was supposed to be the Zoom app, the Vidar Stealer malware is downloaded to the system, and as soon as it is opened, it immediately begins to spread across the system.
Zoom is a popular video conferencing platform developed as a proprietary video telephony software program by Zoom Video Communications. Since more businesses are adopting work-from-home policies, various apps and video conferencing platforms, like Zoom and Microsoft Teams, are growing in popularity among staff members and attracting the attention of threat actors.
Vidar Stealer malware on the rise
Malware @Zoom downloads 🤖
/zoom-download.host
/zoom-download.space
/zoom-download.fun
/zoomus.host
/zoomus.tech
/zoomus.website
PDR https://t.co/7NJ4fEJ9Su @ULTRAFRAUD @malwrhunterteam @JAMESWT_MHT @illegalFawn @nullcookies @AlvieriD @BumbledBubble @ActorExpose pic.twitter.com/JYq2UJEMQ7
— idclickthat (@idclickthat) September 12, 2022
Cybersecurity experts have warned users to be aware of these fake Zoom websites, which, in most cases, are embedded with malware called the “Vidar Stealer.” The malware is designed to steal information from victims, using Zoom as bait. Once the user downloads the malware, it spreads into the system and accesses the browser’s login details, passwords, and crypto-wallet accounts.
Cybersecurity company Cyble’s Research and Intelligence Lab (CRIL) reported the news about the fake Zoom websites after its researchers discovered numerous websites imitating Zoom. A Twitter user named idclickthat shared a tweet about the campaign and listed some of the domains used in the campaign led by the unknown threat actor.
The Tweet mentioned several websites with different domain extensions, including /zoom-download.host, /zoom-download.space, /zoom-download.fun, /zoomus.host, /zoomus.tech, and /zoomus.website.
These fake websites used the same user interface, colors, buttons, and download style as the original Zoom. Another detail that caught the attention of both the researchers and the hackers is that Zoom’s official website uses the ‘.US’ extension instead of the standard ‘.com.’
A different-looking extension gives hackers enough confidence to impersonate the website and trick people into downloading the malware.
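Defenders can look for this pattern in DNS or proxy logs by flagging any hostname that contains the brand name but does not belong to the official domain. The sketch below is an added example, not code from Cyble or from the tweet; the log format, the client addresses, the single-entry allowlist and the last-two-labels rule for the registrable domain are assumptions, and the digit folding goes slightly beyond the domains listed above.

```python
OFFICIAL = {"zoom.us"}  # assumption: the only registrable domain treated as genuine
BRAND = "zoom"
HOMOGLYPHS = str.maketrans("01", "ol")  # fold common digit-for-letter swaps (z00m)

def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: fine for single-label TLDs (.us, .host, .tech); production
    code should consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_lookalike(host):
    """True if the host uses the brand name outside the official domain."""
    host = host.lower().rstrip(".")
    if registrable_domain(host) in OFFICIAL:
        return False  # zoom.us itself and its genuine subdomains
    # Comparing the registrable domain, not a suffix, means "notzoom.us"
    # and "zoom.us.example.net" are not mistaken for the real site.
    return BRAND in host.translate(HOMOGLYPHS)

def scan(lines):
    """Return (client, host) pairs for lookalike queries in the log lines.
    Assumed line format: <timestamp> <client-ip> <qtype> <hostname>"""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guess at fields
        _ts, client, _qtype, host = fields
        if is_lookalike(host):
            hits.append((client, host.lower().rstrip(".")))
    return hits

# Constructed sample log; client addresses and timestamps are made up.
SAMPLE_LOG = [
    "2022-09-12T09:00:01Z 10.0.0.11 A zoom.us",
    "2022-09-12T09:00:05Z 10.0.0.11 A us02web.zoom.us",
    "2022-09-12T09:01:17Z 10.0.0.23 A zoom-download.host",
    "2022-09-12T09:02:40Z 10.0.0.31 A ZoomUs.tech.",
    "2022-09-12T09:03:02Z 10.0.0.31 A zoom.us.example.net",
    "2022-09-12T09:04:10Z 10.0.0.40 A example.org",
    "truncated line",
]

if __name__ == "__main__":
    for client, host in scan(SAMPLE_LOG):
        print(f"lookalike query from {client}: {host}")
```

A substring match on the brand will also hit unrelated names that happen to contain "zoom", so hits are candidates for triage, not verdicts.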