Researchers warn the installers are legitimate but don’t come from official sources of the Zoom app, including the Apple App Store and Google Play. This story was updated on 5/4 to include comments from Zoom. A newly discovered attack campaign is abusing Zoom installers to spread the RevCode WebMonitor RAT and exploit reliance on messaging apps to communicate and work remotely. Trend Micro researchers who detected the attack say it resembles an early April campaign that leveraged Zoom installers to put a cryptocurrency miner on target devices. The WebMonitor RAT is spread using legitimate but malicious installers; those bundled with malware don’t come from official sources that include Zoom’s download center, the Apple App Store, or Google Play. Researchers note Zoom has been updated to version 5.0, which brings security and privacy changes.
Source: ZD Net