A recent malware attack on Zoom users that aimed to steal private banking information has been shut down.Cyble Research & Intelligence Labs, and while Fox News Digital is told the website hosting the malicious download is no longer available experts are warning Zoom users to watch out for future attacks.
What does this malware do?The malware known as IcedID has been put into action through threat actors actively spreading it by using modified versions of the Zoom application. This has affected tons of businesses, as Zoom has grown immensely in popularity, especially among companies that transitioned to working from home at the start of the COVID-19 pandemic in 2020. The malware acts as a loader (a type of malware that is used to install other malware onto a computer) by stealing private information from these companies and dumping additional malware onto their employees’ computers.
This means that it is stealing sensitive information and also potentially installing other harmful software that can cause further damage. This can cause significant harm to the affected businesses, as they may lose valuable information and suffer from additional security breaches or system disruptions.Aside from being a loader, IcedID can also download additional modules from the internet and deliver other malware families, making it significantly difficult for the user to get rid of the malware once it’s planted into a computer. Once downloaded, its primary purpose is to steal private banking credentials.
How does the malware spread?
The most common way IcedID had been spread among users is by appearing via spam emails. The malware is hidden in email attachments found within malicious office files. However, these Zoom hackers tried a new technique that many were unprepared for this time around.
They use a phishing website called explorezoom.com to deliver the malware. This is a fake website disguised as an official Zoom domain whose sole purpose is to deliver the IcedID malware. The page tells users that to use Zoom, they must download a file called ZoomInstallerFull.exe. The file will download the actual Zoom application to distract the user from realizing that IcedID malware is also being downloaded onto their device.
How can I protect myself from IcedID?
The best way to protect yourself from any type of malware is by installing quality antivirus protection onto your device. You can install this on your phone, tablet and laptop. It would be a good idea for you to suggest this to your company if you’re someone who works from home and uses a device provided by your employer.
Best Antivirus Protection
It’s critical that all of your devices are protected from ongoing threats online. See my expert review of the best antivirus protection for your Windows, Mac, Android & iOS devices by searching “Best Antivirus” at CyberGuy.com by clicking the magnifying glass icon at the top of my website.
Related: Free antivirus: should you use it?
Have you or someone you know been attacked by this malware called IcedID? If so, we’d like to hear from you.
For more of my security tips, head over to CyberGuy.com and be sure to subscribe to my free CyberGuy Report Newsletter by clicking the “Free newsletter” link at the top of my website.
EDITOR’S NOTE: This story has been updated to reflect the malware attack is not currently underway.
Copyright 2023 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.