Zoom-related domain names grow significantly as malware threat rises
1,700 new domains with Zoom in their names have been registered since January
Zoom's recent surge in popularity as a result of the coronavirus outbreak has made the video conferencing platform a prime target for hackers.
Security researchers at Check Point have observed a sharp uptick in new domain registrations that contain the company's name since the public health crisis began.
According to the company's research, there have been 1,700 new Zoom-related domains registered since January of this year. However, of these domains, 25 percent of them were registered in just one week during mid-March.
Make careless data decisions history with our dark web monitoring and alerts. Get Dashlane for seamless, private 'interneting' with 2FA (two-factor authentication) by default. Your privacy matters to us so that’s why there's no limit on devices or passwords stored or shared.
- What is Zoom? How it works, tips and tricks and best alternatives
- Zoom apologies for major security vulnerabilities, promises fixes
- Zoom calls are not end-to-end encrypted, even though it says they are
Check Point was also able to confirm that at least 70 of these 1,700 domains were being used maliciously by cybercriminals as phishing websites designed to steal users' personal information.
Brand impersonation
In addition to using Zoom-related domains to launch phishing attacks, Check Point also discovered malicious executables that contained Zoom in their file names. Opening these files causes the InstallCore PUA to be installed on a victim's computer which could potentially lead to additional malicious software being installed on their machines.
However, according to Check Point, hackers aren't just targeting Zoom as the cybersecurity firm found similar files that contained Microsoft Teams in their file names.
The researchers also discovered fake domains for other popular services such as Google Classroom which is being used by teachers that have to conduct their classes virtually. In this case, hackers tried to trick users by misspelling the sites official name to lead them to phishing websites.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To prevent falling victim to these and the other coronavirus-related scams making their way around the web, Check Point recommends that users check all of the emails they receive carefully, avoid opening unknown attachments or clicking on links in emails and check to make sure that the domains of the websites they visit are spelled correctly.
- Also check out our roundup of the best video conferencing services
Via Mashable
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.