contador web Skip to content

Zoom: Video conference program becomes the target of blows in quarantine | Security

Zoom videoconferencing software has been used as bait to hit home office workers during quarantine of the new coronavirus. According to a survey conducted by the digital security company Check Point, there were 1,700 new registered domains containing the word zoom since the beginning of the year, including a portion with suspicious characteristics. The survey also identified fake installers of the Windows program.


#FiqueEmCasa: tips help you use Zoom during coronavirus quarantine

Experts estimate that hackers have taken advantage of the service's growing popularity during the Covid-19 pandemic. Currently, the meeting app holds 20% of the global market for this type of solution. Among the threats are the installation of malware to steal data from the computer and even the interception of images, audio and files during a conference.

Hackers take advantage of Zoom's popularity to apply scams to home office workers Photo: DivulgaoHackers take advantage of Zoom's popularity to apply scams to home office workers Photo: Divulgao

Hackers take advantage of Zoom's popularity to apply scams to home office workers Photo: Divulgao

Want to buy cell phones, TV and other discounted products? Meet Compare dnetc

Registering domains similar to the original is often one of the steps of a phishing campaign. The objective is to attract the click of users on fake websites to force them to view advertisements, download malicious files or deliver login data from the platform or social networks, Zoom, it is worth remembering, allows you to log in with Google or Facebook.

Some addresses may have been registered by the company itself, but Check Point has detected a group of suspicious domains containing misspellings that are apparently intended to mislead less aware users. The researchers also found fake installers with the name zoom-us-zoom _ ##########. Exe that pose a potential hazard.

See also: home office: see tools for working at home on the coronavirus

Home office: see tools for working at home on the coronavirus

Home office: see tools for working at home on the coronavirus

The strategies are the same as those already used by hackers with more famous videoconferencing solutions. During the quarantine of the new coronavirus, software such as Microsoft Teams and Google Classroom, which specializes in distance learning, has also been used to name fraudulent websites and installation packages with dangerous content.

In addition to installing viruses on your computer, attacks can attempt to break into conversations on Zoom by taking advantage of unpatched vulnerabilities. Months ago, Check Point revealed a bug in the program that left conversations, audio, video and meeting documents vulnerable to espionage. In addition, hackers have already invaded meetings without calling the host's attention through scripts that guess the random sequences of invitations and generate links to access active conferences.

The first step is not to fall for scams like accessing the official Zoom website directly (zoom.us) or using Google search. Watch out for addresses that try to imitate the original, especially those that use symbols to make the letters look similar. Avoid clicking on links or opening attachments received by email, WhatsApp or social networks, unless you confirm with the sender that it is in fact a message sent by the person.

It is also important to keep the program up to date. To do this, click on the icon with the right mouse button and select Check for updates. The measure helps to download any bug fix packages made available by the manufacturer, protecting the software from possible vulnerabilities.

Keep Zoom updated so as not to put security at risk Photo: Reproduo / Paulo AlvesKeep Zoom updated so as not to put security at risk Photo: Reproduo / Paulo Alves

Keep Zoom updated so as not to put security at risk Photo: Reproduo / Paulo Alves

The user can also take security measures to prevent meetings from being hacked. One of them always seeks to schedule meetings, as this is the only way that free account users have to require a password to access guests.

In addition, it is possible to create a waiting room in which all guests will be placed and can be screened by the host before entering the meeting itself. Experts also recommend moderating guests' participation, restricting access to the microphone and controlling who is allowed to record the session.