Hacked Zoom installers taking over PCs — protect yourself now

Two more corrupted Zoom installers are out there waiting for people to download and run them, Trend Micro researchers reported today (May 21).

"These malicious fake installers do not come from Zoom's official installation distribution channels," researchers Raphael Centeno and Llallum Victoria said in a blog post. "One of the samples installs a backdoor that allows malicious actors to run malicious routines remotely, while the other sample involves the installation of the Devil Shadow botnet in devices."

The installers aren't quite "fake," as they do indeed install Zoom on your PC. But they are noticeably larger in file size than the normal Zoom installer, thanks to the extra malware, and take longer to run. You won't find them at the official Zoom download page.

To make sure you're not infected by either of these pieces of malware, only get Zoom software from the Zoom website. You should also be running one of the best antivirus programs, which will detect both of the bad bugs. 

In fact, you don't need to install Zoom software to join a Zoom meeting -- more information on that below.

Who's Zooming who?

The first of these two corrupted installers terminates any existing remote-desktop software, then opens up an obscure network port, steals the login credentials of the PC's legitimate user and allows its own remote attackers to connect to the PC. 

The second bad installer reaches out to a remote server controlled by attackers and sets up its malware component to run upon system startup. It's designed to hijack your webcam, take screenshots, log keystrokes and penetrate your firewall. It also checks to see what kind of antivirus software you might have installed.

"Both pieces of malware can be used to infiltrate systems of high-value targets in enterprises or non-business industries to steal proprietary and confidential information," the Trend Micro researchers wrote. 

These aren't the first instances of Zoom installers being corrupted by malware. In early April, the same Trend Micro researchers found a cryptocurrency miner embedded in a working Zoom installer. At the end of April, Trend Micro found a remote-access Trojan, basically a PC hijacking kit, smuggled in another Zoom installer program.

How to use Zoom without Zoom software

Despite what Zoom would have you believe, you can join a Zoom meeting without having to install anything. Any recently updated web browser will do. 

When you click on a Zoom meeting link, a browser page will pop up asking you to install Zoom. Ignore that and try clicking the meeting link in the web page a couple more times.

Eventually, you'll see a link in small print inviting you to join the meeting through your browser. Click that and you'll be in, although you may need to create a Zoom account.