Millions of people are currently declared fans of the video software Zoom. The conference platform, which was only known to insiders a few months ago, has become an important companion in the corona crisis: in the home office, of course, but the app also organizes yoga classes or tele-beer after work. There is hardly an Internet user who has not received a zoom link in the past few weeks.
But success always attracts criminals. According to the Israeli IT security company Check Point, over 1,700 domains – i.e. web addresses – have been registered since the beginning of the year, giving the impression that they may have something to do with zoom. This is a clear indication that fraudsters will use the new conference mode for so-called phishing messages. The wrong messages could pretend to be invitations to zoom calls, but they could actually steal information or install malware. For this to work, the hackers behind it try to persuade users to click or install.
All reports on the current situation in Germany and worldwide as well as the most important news of the day – twice a day with SZ Espresso. Our Newsletter brings you up to date in the morning and evening. Free registration: sz.de/espresso. In our News app (download here) you can also subscribe to the espresso or breaking news as a push message.
This is exactly where Zoom makes it much easier for fraudsters than other software because the platform sometimes behaves like malware. Felix Seele is a malware analyst at the Bochum IT company VMRay. He also made an appointment with friends via Zoom and was surprised at how quickly the program was installed after clicking on a conference link. What ordinary internet users like makes experts like Soul suspicious. So he analyzed the program on his Mac computer (Apple) and then expressed clear criticism of Zoom via Twitter: due to his extreme focus on making the app as easy to use as possible, the program neglects useful security standards. Zoom tries to reduce the clicks that lead to a successful call, sometimes by force. For example, Zoom pretends to be a “system” during installation, and for no reason. The result: users would be trained to enter their password in any pop-up dialog. The app thus contradicts the efforts of IT security experts worldwide to use administrative rights sparingly.
New malware uses tricks similar to Zoom
In fact, according to Seele, there is already malware for the Mac that uses tricks similar to Zoom and pretends to be Apple audio drivers. The desire to keep the app as simple as possible is understandable, says Seele. If security mechanisms were levered out just to save a click, a limit was reached. The behavior reminds Seele of another arch enemy of the security industry. Until a few years ago, it was references to the Adobe Flash player that made people want to allow unwanted software to access their computers. “I can well imagine that the next wave of malware will pretend to be zoom software,” says Seele.