Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
● Cyber criminals are taking advantage of video conferencing apps like Zoom to infect systems with malicious routines.
● Two malware samples pose as Zoom installers; once decoded, each contains malware.
● Of the two samples, one installs a backdoor that allows attackers to gain remote access, and the other installs the Devil Shadow botnet on the device.
● The malware kills all running remote utilities upon installation and opens TCP port 5650 to gain remote access to the infected system.
● The malware sends the gathered information to its command and control server every 30 seconds whenever the computer is turned on.
● The malicious fake installer is not distributed through official distribution channels.
● Due to the coronavirus pandemic, many companies around the world have asked employees to work from home, which increases the usage of video conferencing apps and makes them a heavily targeted attack surface.
● The malicious installer closely resembles the official version; it contains encrypted files that decrypt to the malware.
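The two network behaviours listed above (a listener on TCP port 5650 and a check-in to the command and control server every 30 seconds) are the kind of thing a defender can look for in connection logs and netstat output. The script below is an added example written for this notice, not code from the original bulletin or from any vendor; the log lines it works on are constructed sample data, and the addresses, timestamps and thresholds are assumptions chosen to illustrate the check, not real indicators.

```python
"""Added example (not part of the original notice): flag a fixed-interval
(~30 s) beacon to one destination and a TCP listener on port 5650 in
constructed log data."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample outbound-connection log: "timestamp src dst:port"
CONNECTION_LOG = """\
2020-05-01T10:00:00 10.0.0.5 203.0.113.7:443
2020-05-01T10:00:30 10.0.0.5 203.0.113.7:443
2020-05-01T10:01:00 10.0.0.5 203.0.113.7:443
2020-05-01T10:01:30 10.0.0.5 203.0.113.7:443
2020-05-01T10:02:00 10.0.0.5 203.0.113.7:443
2020-05-01T10:00:05 10.0.0.5 198.51.100.2:443
2020-05-01T10:03:40 10.0.0.5 198.51.100.2:443
2020-05-01T10:09:12 10.0.0.5 198.51.100.2:443
2020-05-01T10:00:10 10.0.0.8 198.51.100.9:80
"""

# Constructed sample netstat-style listener table
LISTENER_LOG = """\
TCP    0.0.0.0:135     0.0.0.0:0    LISTENING
TCP    0.0.0.0:445     0.0.0.0:0    LISTENING
TCP    0.0.0.0:5650    0.0.0.0:0    LISTENING
"""

BEACON_INTERVAL = 30.0   # seconds, as stated in the notice
SUSPECT_PORT = 5650      # TCP port named in the notice


def parse_connections(text):
    """Group connection timestamps by (source, destination) flow."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(text, interval=BEACON_INTERVAL, tolerance=0.1, min_hits=4):
    """Return (src, dst, mean_gap) for flows whose inter-connection gaps
    cluster tightly around `interval`. `tolerance` is the relative jitter
    allowed on both the mean gap and its spread (assumed thresholds)."""
    hits = []
    for (src, dst), times in parse_connections(text).items():
        if len(times) < min_hits:      # too few samples to call periodic
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if (abs(avg - interval) <= interval * tolerance
                and pstdev(gaps) <= interval * tolerance):
            hits.append((src, dst, avg))
    return hits


def listening_on(text, port=SUSPECT_PORT):
    """True if a netstat-style table shows a TCP listener on `port`."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP" and parts[3] == "LISTENING":
            if parts[1].rsplit(":", 1)[1] == str(port):
                return True
    return False


if __name__ == "__main__":
    for src, dst, gap in find_beacons(CONNECTION_LOG):
        print(f"beacon-like flow: {src} -> {dst} every {gap:.1f}s")
    print(f"TCP {SUSPECT_PORT} listening: {listening_on(LISTENER_LOG)}")
```

Periodicity alone is not proof of compromise (legitimate agents also poll on fixed timers), so the beacon finding is best treated as a lead to correlate with the other indicators in the notice: an unexpected listener on 5650, remote-access tools that have stopped, and a Zoom installer that did not come from the official download page.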
*POINTS TO ALWAYS REMEMBER*
● Only download apps and software from official marketplaces and platforms.
● Secure your video conferencing app and operating systems. This can be done by updating device software to the latest version, using strong passwords for meetings, and configuring host controls.
● Use the waiting room feature and do not share your personal meeting ID.
● Users can supplement these safety measures with a multi-layered protection system installed to block and detect known and unknown threats.
Always report any cybercrime to your nearest police station or alternatively report it on www.cybercrime.gov.in
|| STAY CYBER SAFE ||