The Zoom video conferencing application is once again in the limelight after the discovery of new phishing scams that steal its users’ credentials. Hackers are using phishing emails to gain access to Zoom users’ account details.
As per a report by Proofpoint, hackers are trying to gain access to users’ Zoom accounts, and some of them are also trying to infect users’ PCs with malware. According to the report, one phishing email comes with the subject line “Zoom Account” and purports to be from an admin account. The message welcomes users to their Zoom account and says that they have to click a link to activate the account. Once they click, users are taken to a generic webmail landing page and asked to enter their credentials.
Another way of obtaining users’ account details is an email about a missed Zoom meeting. Here the hackers send an email claiming that the recipient missed a Zoom meeting, with a fake link embedded in it. When the user clicks the link, he or she is taken to a spoofed Zoom page that asks for Zoom account details such as username and password.
The report further highlights that hackers are using email to deliver trojans. A smaller campaign targeting manufacturing, industrial, marketing/advertising, technology, IT and construction companies tries to infect users with ServLoader/NetSupport remote access Trojans. Hackers send subject lines like “[Company] Meeting cancelled – Could we do a Zoom call”. The email includes an attachment that purports to be about the discussion, and it also offers to have a call via Zoom.
If the recipient opens the attachment, they are prompted to enable the macro. “Once enabled, those macros execute a ServLoader PowerShell script which in turn will install NetSupport, a legitimate remote-control application that threat actors abuse. If installed, NetSupport can access any files and information on the compromised system that the user can, including usernames, passwords, and credit card information,” the report said.