Zoom has been the center of attention ever since the outbreak began. It has attracted many companies that were forced to switch to a work-from-home model, and it has attracted hackers too. Attackers are now using the sudden popularity of this video conferencing platform to fool users and drop cryptojacking malware onto their PCs, mining cryptocurrency with the victims' resources.

Cryptocurrency Mining Malware

Install – Infect – Mine

The sudden rise of work-from-home models gave a push to video conferencing apps like Zoom, which attackers are now actively targeting to exploit their users. Trend Micro reported an incident in which hackers abused Zoom installers to drop cryptojacking malware onto users' PCs, along with an original Zoom client to avoid arousing suspicion.

Cryptocurrency mining code snippets in malicious Zoom installer

The sudden shift in working models gave companies and users little time to check for security. This led them to download Zoom, and an installer to set it up properly, from unknown sources. While they get the Zoom conferencing app as expected, an infected installer comes along with it. The installer carries cryptojacking malware that users fail to notice.

Upon installation, the malware first checks for any antivirus software, as it could flag the malware and alert the user. If none is found, it proceeds to collect system data (for compatibility) and mine coins. It collects data such as the system's OS, CPU, GPU, video controllers, etc. This helps determine how much mining can be done.

Impacts and Remedies

Mining cryptocurrencies takes a vast amount of resources, especially CPU and GPU. Relying heavily on the graphics hardware wears out the PC sooner than expected. It can also slow down the processes the user actually needs. And because the mining runs in the background, the user won't know anything about it and will only see the effects in the long term.

Installing client and installer software from authentic sources is the only way to avoid being infected. Moreover, having a strong and up-to-date antivirus can help ward off most malware.
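One way to check a downloaded installer before running it, as an added example that is not from Trend Micro or the original article: the PowerShell function below verifies the file's Authenticode signature, the signer name, and optionally a SHA-256 hash. The function name `Test-InstallerTrust`, the sample path and the expected publisher and hash values are assumptions the caller supplies from the vendor's official site.

```powershell
# Added example: verify a downloaded installer before running it.
# Test-InstallerTrust is a hypothetical helper; the expected publisher and
# hash come from the vendor's official site, not from this article.
function Test-InstallerTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisher,
        [string]$ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $reasons = @()
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the signature chains to a trusted root and the file
    # has not been modified since it was signed.
    if ($sig.Status -ne 'Valid') {
        $reasons += "Signature status is '$($sig.Status)'"
    }

    # Compare the signer's common name exactly; a substring match would
    # accept look-alike publisher names.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.GetNameInfo($nameType, $false) } else { '' }
    if ($signer -ne $ExpectedPublisher) {
        $reasons += "Signer '$signer' does not match '$ExpectedPublisher'"
    }

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256)) {
        $reasons += 'SHA-256 does not match the published value'
    }

    [pscustomobject]@{
        Path    = $Path
        Trusted = ($reasons.Count -eq 0)
        Signer  = $signer
        Sha256  = $hash
        Reasons = $reasons
    }
}

# Usage (placeholder path and publisher):
# Test-InstallerTrust -Path 'C:\Downloads\installer.exe' -ExpectedPublisher '<publisher name from vendor site>'
```

Run the check against the file that was actually downloaded: a wrapper that drops a genuine client alongside a miner will fail the signature or signer test even though the application it installs is authentic.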

Source: Trend Micro
