Zoom-related domain names grow significantly as malware threat rises


Zoom's recent surge in popularity as a result of the coronavirus outbreak has made the video conferencing platform a prime target for hackers.

Security researchers at Check Point have observed a sharp uptick in new domain registrations that contain Zoom's name since the public health crisis began.

According to the company's research, there have been 1,700 new Zoom-related domains registered since January of this year. However, 25 percent of these domains were registered in just one week during mid-March.


Check Point was also able to confirm that at least 70 of these 1,700 domains were being used maliciously by cybercriminals as phishing websites designed to steal users' personal information.

Brand impersonation

In addition to using Zoom-related domains to launch phishing attacks, Check Point also discovered malicious executables that contained Zoom in their file names. Opening these files installs the InstallCore PUA on a victim's computer, which could potentially lead to additional malicious software being installed on the machine.

However, according to Check Point, hackers aren't just targeting Zoom, as the cybersecurity firm found similar files that contained Microsoft Teams in their file names.

The researchers also discovered fake domains for other popular services such as Google Classroom, which is being used by teachers who have to conduct their classes virtually. In this case, hackers tried to trick users by misspelling the site's official name to lead them to phishing websites.

To avoid falling victim to these and the other coronavirus-related scams making their way around the web, Check Point recommends that users carefully check all of the emails they receive, avoid opening unknown attachments or clicking on links in emails, and check to make sure that the domains of the websites they visit are spelled correctly.
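The spelling check recommended above can also be run by defenders over a feed of newly registered or newly visited domains. The following Python code is an added example, not code from Check Point or from this article; the brand list, the allowlist, the distance threshold and the sample domains are constructed assumptions.

```python
# Added example: flag domains that embed or misspell a brand name.
# Brand names are the ones the article mentions; everything else is assumed.
BRANDS = ["zoom", "microsoftteams", "googleclassroom"]
# Assumed allowlist of the vendors' own registrable domains.
LEGITIMATE = {"zoom.us", "microsoft.com", "google.com"}
# Digits commonly substituted for letters in lookalike names.
LOOKALIKES = str.maketrans("01", "ol")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain):
    """Return (reason, brand) for a suspicious domain, or None."""
    labels = domain.lower().rstrip(".").split(".")
    # Naive registrable-domain check (last two labels); a production
    # version would consult the Public Suffix List instead.
    if ".".join(labels[-2:]) in LEGITIMATE:
        return None
    for label in labels[:-1]:  # skip the TLD
        flat = label.replace("-", "").translate(LOOKALIKES)
        for brand in BRANDS:
            if brand in flat:
                # Substring hits still need triage: unrelated words can contain "zoom".
                return ("contains-brand", brand)
            # Allow typos only for long brands, so short names do not over-match.
            if edit_distance(flat, brand) <= len(brand) // 6:
                return ("misspelling", brand)
    return None


def triage(domains):
    """Map each flagged domain to its (reason, brand) finding."""
    return {d: hit for d in domains if (hit := classify(d))}


# Constructed sample feed; .example is a reserved TLD.
SAMPLE_FEED = ["zoom.us", "classroom.google.com", "zoom-meeting-login.example",
               "zo0m-invite.example", "googleclassrom.example", "weather-report.example"]

if __name__ == "__main__":
    for name, finding in triage(SAMPLE_FEED).items():
        print(name, finding)
```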

Via Mashable

Anthony Spadafora
