Millions of people are currently declared fans of the video software Zoom. The conferencing platform, which was known only to insiders a few months ago, has become an important companion in the corona crisis: in the home office, of course, but the app is also used to organize yoga classes or a virtual after-work beer. There is hardly an Internet user who has not received a Zoom link in the past few weeks.

But success always attracts criminals. According to the Israeli IT security company Check Point, over 1,700 domains – i.e. web addresses – have been registered since the beginning of the year that give the impression they may have something to do with Zoom. This is a clear indication that fraudsters will use the new conferencing trend for so-called phishing messages. The fake messages could pretend to be invitations to Zoom calls, but they could actually steal information or install malware. For this to work, the hackers behind them have to persuade users to click on something or install something.

This is exactly where Zoom makes it much easier for fraudsters than other software does, because the platform sometimes behaves like malware itself. Felix Seele is a malware analyst at the Bochum IT company VMRay. He, too, arranged to meet friends via Zoom and was surprised at how quickly the program was installed after he clicked on a conference link. What ordinary Internet users like makes experts like Seele suspicious. So he analyzed the program on his Mac computer (Apple) and then voiced clear criticism of Zoom via Twitter: because of its extreme focus on making the app as easy to use as possible, the program neglects useful security standards. Zoom tries to reduce the number of clicks that lead to a successful call, sometimes by force. For example, Zoom pretends to be the “system” during installation, and for no reason. The result: users would be trained to enter their password in any pop-up dialog. The app thus contradicts the efforts of IT security experts worldwide to use administrative rights sparingly.

New malware uses tricks similar to Zoom

In fact, according to Seele, there is already malware for the Mac that uses tricks similar to Zoom's and pretends to be Apple audio drivers. The desire to keep the app as simple as possible is understandable, says Seele. But when security mechanisms are circumvented just to save a click, a line has been crossed. The behavior reminds Seele of another arch enemy of the security industry. Until a few years ago, it was references to the Adobe Flash Player that got people to allow unwanted software onto their computers. “I can well imagine that the next wave of malware will pretend to be Zoom software,” says Seele.

It’s not the first time that Zoom’s quest for ease of use has bothered IT security professionals. About a year and a half ago, Apple deleted the Zoom app remotely from all users’ devices: experts had discovered that hackers could use a web server installed by Zoom to secretly film users. And there are currently several reports that raise doubts about the security of the app. For example, the website The Intercept found that Zoom’s video calls are not end-to-end encrypted, contrary to the company’s statements, while the Bleeping Computer website reports that links sent in the chat of Zoom sessions can be used to find out users’ Windows passwords. And data protection also leaves something to be desired: only a few days ago, research by the Motherboard website revealed that Zoom – without indicating this in its terms of use – transmits user data to Facebook. At least Zoom has now reacted to this and announced that it will stop sharing the data.
