
Zoom-themed cyber attacks fuel rapid malware growth

The Vidar malware has become more popular since August, allowing threat actors to steal sensitive information, IP addresses, and crypto wallets from infected devices

Cyber attacks that lure victims with themes around popular video conferencing service Zoom have helped increase malware growth, with one named Vidar becoming more popular in rapid time.

Vidar occupies position number eight, up seven places from August, in Check Point Research’s (CPR) Global Threat Index for September 2022. The CPR report found that although Formbook, an infostealer targeting Windows OS that currently affects 3% of organisations around the world, is still the most prevalent malware, the steep rise of Vidar is notable.

Vidar is an infostealer designed to give threat actors backdoor access, allowing them to steal sensitive banking information, login credentials, IP addresses, browser history, and crypto wallets from infected devices.

The increase in its prevalence comes after a malicious campaign in which fake Zoom websites, such as zoomus[.]website and zoom-download[.]space, were used to lure users into downloading the malware.

“In terms of the most prevalent malwares in September, it’s interesting to see Vidar leap into the top ten after a long absence,” said Maya Horowitz, VP of research at Check Point. “Users of Zoom need to stay alert to fraudulent links as this is how the Vidar malware has been distributed lately. Always keep an eye out for inconsistencies or misspelt words in URLs. If it looks suspicious, it probably is.”
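The advice above, checking a URL for inconsistencies against the brand it imitates, can be automated in a mail or proxy filter. The following is an added example, not code from the article or from Check Point: it refangs defanged indicators like the ones quoted in this story, extracts the hostname, and labels it legitimate, lookalike or unrelated. The allowlist of genuine Zoom domains, the homoglyph map and the two-label "registrable domain" rule are simplifying assumptions (a production filter would use the public suffix list).

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of genuine Zoom registrable domains (constructed for this example).
LEGIT_ZOOM_DOMAINS = {"zoom.us", "zoom.com"}
BRAND = "zoom"
# Assumed homoglyph substitutions commonly used in lookalike names.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def refang(indicator: str) -> str:
    """Turn defanged notation (zoomus[.]website, hxxp://) back into a real URL."""
    s = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)


def hostname_of(indicator: str) -> str:
    """Extract the lower-cased hostname from a URL or bare domain."""
    url = refang(indicator)
    if "://" not in url:
        url = "http://" + url  # bare domains need a scheme for urlsplit
    return (urlsplit(url).hostname or "").lower()


def registrable_domain(host: str) -> str:
    """Naive registrable domain: the last two labels (assumption, no public suffix list)."""
    return ".".join(host.split(".")[-2:])


def normalise_label(label: str) -> str:
    """Undo common homoglyph tricks so zo0m-meeting still matches the brand."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def classify(indicator: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a URL or hostname."""
    host = hostname_of(indicator)
    if not host:
        return "unrelated"
    if registrable_domain(host) in LEGIT_ZOOM_DOMAINS:
        return "legitimate"
    # Any label mentioning the brand outside the allowlist is a lookalike,
    # which also catches zoom.us.evil.example style subdomain abuse.
    if any(BRAND in normalise_label(label) for label in host.split(".")):
        return "lookalike"
    return "unrelated"
```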

Formbook was the most prevalent malware this month impacting 3% of organisations worldwide, followed by XMRig and AgentTesla which both impact 2% of organisations globally. 


Formbook was first detected in 2016 and is marketed as a malware as a service (MaaS) operation in underground hacking forums. It's known for having substantial anti-detection capabilities and a relatively low price.

The malware harvests credentials from various web browsers, collects screenshots, and monitors and logs keystrokes. It can also download and execute files according to orders from its command and control (C2) infrastructure.

XMRig, on the other hand, is open source CPU software used to mine Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victim’s devices, according to Check Point.

Additionally, AgentTesla is an advanced RAT functioning as a keylogger and information stealer. It's capable of monitoring and collecting a victim's keyboard input and system keyboard, taking screenshots, and exfiltrating credentials for a variety of software installed on a victim's machine (including Google Chrome, Mozilla Firefox, and the Microsoft Outlook email client).

The most exploited vulnerability this month was 'web server exposed git repository information disclosure', impacting 43% of organisations globally. Successful exploitation of this flaw can facilitate the unintentional disclosure of account information in the impacted product.

This was followed by Log4Shell which dropped from first place to second and impacted 42% of organisations. It was discovered late last year and sent shockwaves through the security community due to how many organisations were believed to be exposed.
