IcedID malware recently targeted Zoom users. IcedID, also known as BokBot, is a banking trojan that enables attackers to steal victims’ banking credentials. IcedID is a modular banking trojan that targets user financial information and is capable of acting as a dropper for other malware.
In this recent wave of attacks, the malicious code was disguised as a Zoom installer file in order to be opened in error. Once activated, the code functions to maliciously steal banking credentials from businesses.
Zoom as an application is secure. End-to-end Encryption, when enabled, ensures that communication between all meeting participants in a given meeting is encrypted using cryptographic keys known only to the devices of those participants. However, risks can arise from third party applications or emails.
Zoom also has the facility for two-factor authentication to be enabled, as a tool to enable users to further protect their accounts.
This situation demonstrates one of the challenges and vulnerabilities of video conferencing platforms. This comes at a time when video conferencing are now considered a mission critical application for many business units.
George Waller, co-founder and CEO of Zerify tells Digital Journal that he believes hackers are determined to succeed in their phishing attacks and are using video conferencing platforms as a means to their end.
Waller explains: “Video conferencing is a key organizational tool that companies use daily for communications with employees, customers business partners, clients and other contacts essential to the business.”
He adds: “This Zoom phishing attack is just another example of how easy it is to breach existing corporate defenses and install malware onto a corporate network. Once malware is installed, all sorts of havoc can ensue — from ransomware to exploiting a computer’s camera, microphone, keyboard and clipboard and stealing desktop screenshots.”
In terms of those operating behind the scenes, Waller observes: “Hackers who employ malware are persistent, and they’re determined and often successful at getting their malware on your endpoint. Therefore, it is crucial to take a proactive approach and lock down their endpoint computers knowing that malware steals sensitive user data and corporate and confidential information.”