Zoom-related domain names grow significantly as malware threat rises

[Super Galaxy?]

Zoom's recent surge in po[CENSORED]rity as a result of the coronavirus outbreak has made the video conferencing platform a prime target for hackers.Security researchers at Check Point have observed a sharp uptick in new domain registrations that contain the company's name since the public health crisis began. According to the company's research, there have been 1,700 new Zoom-related domains registered since January of this year. However, of these domains, 25 percent of them were registered in just one week during mid-March.

 

Check Point was also able to confirm that at least 70 of these 1,700 domains were being used maliciously by cybercriminals as phishing websites designed to steal users' personal information.

 

In addition to using Zoom-related domains to launch phishing attacks, Check Point also discovered malicious executables that contained Zoom in their file names. Opening these files causes the InstallCore PUA to be installed on a victim's computer which could potentially lead to additional malicious software being installed on their machines.However, according to Check Point, hackers aren't just targeting Zoom as the cybersecurity firm found similar files that contained Microsoft Teams in their file names. 

 

The researchers also discovered fake domains for other po[CENSORED]r services such as Google Classroom which is being used by teachers that have to conduct their classes virtually. In this case, hackers tried to trick users by misspelling the sites official name to lead them to phishing websites.

 

To prevent falling victim to these and the other coronavirus-related scams making their way around the web, Check Point recommends that users check all of the emails they receive carefully, avoid opening unknown attachments or clicking on links in emails and check to make sure that the domains of the websites they visit are spelled correctly.