Zoom meeting application has always been in the headlines due to data leaks and controversies. Recent reports found out that the app is being used by hackers to induce malware and spyware on the devices of the users.
The threat starts with a simple message and pushes the host device to complete risk. The loophole was identified by the security experts at Google's Project Zero. As of now, Zoom has patched the vulnerability and the application is again ready to use. However, being safe online is something that you need always irrespective of the fact that the app is prone to attack or not.
As for the latest threat by Zoom, it was developed in such a way that a specifically structured and the compromised message was sent to the users. This allowed the hackers to drop malicious code on the victim's machine and shoot malware and spyware attacks.
How did the Zoom malware attack work?
The Zoom malware attack was quite dangerous as the interaction between the victim and the hacker was also not required. The attack could have been unleashed on any device including an Android smartphone, PC, or iPhone.
Google Project Zero security researcher Ivan Fratic said that the app had a vulnerability that allows the hackers to compromise the device of other users via a Zoom chat.
In order to conduct a successful attack, the hacker was not even supposed to interact with a successful attack. The hackers were only supposed to send messages to the target user via Zoom chat over the XMPP protocol.
How to stay safe from such attacks?
It has been suggested to all Zoom users to update their application to the latest V5.10.0 version.
In addition, some pointers are quite understood like avoiding clicking any links or text messages that seem fishy. Most of the people affected by these types of attacks are those who open links or texts from unknown sources.
Furthermore, if you are highly concerned about the confidential information stored on your device, then you can also have a look at one of its alternatives.
If you want to continue on the platform then make sure you have not allowed for all the permissions it asks for. Furthermore, the invite links of meetings should be shared via a channel of secure communication in order to avoid any misuse.
