Boom in video chat apps brings out cybercriminals with fake sites, malware

MANILA, Philippines – Cybercriminals are taking advantage of the boom in popularity of video communications apps by making fake copycat pages and malware-laden fake executable files.

According to a report made by cybersecurity company Check Point Research, there has been a surge in malicious domain registrations that have "Zoom" in the name, after the popular video conferencing app boomed due to the coronavirus pandemic forcing people to stay at home. 

Check Point said, "Since the beginning of the year, more than 1700 new domains were registered and 25% of them were registered in the past week. Out of these registered domains, 4% have been found to contain suspicious characteristics."

Zoom isn't the only target, however. Phishing websites are targeting unsuspecting consumers who want to use a video chat app to connect for work, or to talk to friends and family. These include spoofs of Google Classroom, which Check Point said was "impersonated by googloclassroom.com and googieclassroom.com."

Check Point is also noting an increase in the number of malicious files masquerading as legitimate video conferencing applications.

Said Check Point, "Additionally, we have detected malicious files with names such as 'zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe' (# representing various digits). The running of these files leads to an installation of the infamous InstallCore PUA on the victim’s computer which could potentially lead to additional malicious software installation." 

The cybersecurity firm recommends not opening unknown attachments or files, and being wary of lookalike domains. Instead of clicking links on emails, it's also recommended you search for and bookmark the legitimate version of the site or app maker you want to visit. – Rappler.com