Miscreants attacking Zoom with malware; security on users' systems being compromised

When it comes to video conferencing, Zoom is among the most popular platforms in the world. With hundreds of millions of daily active users, the platform hosts multiple online meetings including business conferences, project management meetings and even online classes. However, as the platform caters to such a wide variety of users. it has grabbed the attention of hackers and bad actors.

Google Project Zero reports ongoing cyberattacks on Zoom

According to a recent report by Google's Project Zero, hackers are using Zoom to target users around the world. Using the video conferencing platform, bad actors are sending a simple message to target users, putting their devices at risk. Now, unlike other spam messages, hackers are using some new technique wherein the user does not even need to interact with the message. All the hacker needs to do is send a message to a Zoom user over the XMPP protocol to compromise the user's system and deploy malware. 

Zoom has acknowledged the bug and marked it as a threat with high severity. Zoom has also scored the threat an 8.1 out of 10 on the Common Vulnerability Scoring System. Additionally, the security issue affects users of Zoom on all platforms including Windows, macOS, Android, iOS, Linux and more. Thankfully, users can update the version of Zoom installed on their devices to version 5.10.0 to evade the security issue. 

Microsoft Teams was also targetted by hackers earlier this year

Earlier this year, another popular video interaction platform Microsoft Teams was being used by bad actors to extract personal information. In a report by Avanan (cyber security firm), users were warned about such cyberattacks that had been going on since January. The firm has discovered thousands of attacks on Microsoft Teams, wherein bad actors are sending Trojan-loaded documents and files on Teams via the chat section. The report also mentions the name of this file to be "User-Centric" and when this file is installed by a user, it tries to write data on the Windows registry. 

As a general practice, users should not click on links or any other files sent by unknown sources, either on the text message or on messaging platforms like WhatsApp. Additionally, users should be careful about the files and applications they download from the internet. Even on Gmail, users should be alert about clicking on attachments and links if the sender is unknown as it might be an attempt to comprise their system.