Hackers using Zoom to install malware on your computer and phone
India Today
A security flaw in Zoom security allowed hackers to install malware on your computer, Android and iOS devices.
If you are using Zoom app for all video meetings and virtual gatherings, you should update your app soon. That is because a security flaw in security allowed hackers to install malware on your computer, Android and iOS devices. As per reports, the hackers first send a simple message to the targeted device and then malware is illegally installed in the device. Zoom has now acknowledged the bug.
As per reports, Zoom Client for Meetings runs on Android, iOS, Linux, macOS and Windows systems before version 5.10.0. “The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting user’s client to connect to a malicious server when attempting to use Zoom services,” Zoom noted in a blog post. The bug was discovered by Google's Project Zero bug hunter Ivan Fratric, who reported the issue to Zoom back in February.
"The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol," Fratric said in a blog post. The messages are crafted in a special way to target innocent users and implant malicious codes on the victim’s device. The worst bit is that even if users do not interact with the threat message, it will be injected to his computer or phone. Devices including Android, iPhone, and Windows can be easily targeted using this malware.
“This report describes a vulnerability chain that enables a malicious user to compromise another user over Zoom chat. User interaction is not required for a successful attack. The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol,” said Fratic. Zoom has marked the threat severity as “high”. All Zoom users are advisable to download the latest update V5.10.0 and refrain from opening any malicious links or interact with text messages.