Security experts have discovered malicious versions of the popular video conferencing application Zoom which are targeting users working from home during the COVID-19 pandemic.
Amid serious privacy concerns surrounding the app, researchers at threat intelligence company Bitdefender have now detected and analysed versions of the app which look identical to the actual Zoom app but have been found to be trojanised versions.
As a trojanised app, it aims to fool users by appearing to be legitimate but attempts to gain access to a user’s system by loading malicious software into the system to steal, copy, delete or modify data in it.
The tainted versions have emerged at a time when the app’s popularity has soared amid work from home. Zoom on Wednesday, 1 April, announced in a blog post that it reached more than 200 million daily meeting participants on its platform, up from 10 million in December 2019.
“It did not take long for cyber-criminals to re-package it, disseminate it on third-party markets and wait for new victims to install it,” wrote Oana Asaltenei, Alin Mihai Barbatei and loan-Septimiu Dinulica, security researchers at Bitdefender.
“The samples documented in this article spread outside of the Google Play Store and exclusively target users who sideload applications on their Droids,” the blog warns.
Trojan Versions of Zoom App
The researchers analysed the software and found the malicious version has taken care to present itself as identical to the original one. The interface is identical as well as the package name ie, “us.zoom.videomeetings”. Moreover, the certificate details have also been designed to look the same.
According to Bitdefender’s post, “while the user interface is identical with the original application, it comes with extra “functionality” that the user did not sign up for. The malware tries to download its main payload from a command-and-control infrastructure at tcp[:]//googleteamsupport[.]ddns.net:4444”
This piece of malware has components injected in the repackaged Zoom application as seen in the image below.
Moreover, other versions of Zoom apps have been found specifically targeting Chinese and American users with ads that show up the moment a user taps on the icons.
“When the victim taps the app icon, the application either does nothing, or it briefly displays an ad before closing itself,” the blog states with respect to versions targeted at Chinese users.
The version targeted at American users also displays a similar intent. The researchers found that when opened, the application initially hides itself from the menu. “It then starts a repeating alarm that randomly sends an intent to an Ad Service. This service subsequently starts an AdActivity that opens an ad,” the blog states.
Zoom’s Major Privacy Issues
Zoom’s rapid surge in popularity has come under serious scrutiny by various internet privacy groups, including Indian Computer Emergency Response Team (CERT-IN).
Zoom is no stranger to privacy attacks. Recent cases of Zoom bombing, which the company has acknowledged in its blog, and a bug in the iOS app that sends user data to Facebook have mired the popular video-conferencing app in controversy.
The Quint had reported that CERT has further cautioned users against the cyber- vulnerability of Zoom, saying that the unguarded usage of the digital application can be vulnerable to cyber attacks, including leakage of sensitive office information to cyber criminals.
"Insecure usage of the platform (Zoom) may allow cyber criminals to access sensitive information such as meeting details and conversations," it said in its advisory.
Zoom’s founder and CEO Eric Yuan also mentioned that the company has fallen short of the community’s privacy expectations, and apologised for it in the blog post released by Zoom.
"We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socialising from home," said Yuan.
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)