Zoom Exploits: Malware and Ransomware Threats

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 
September 16, 2025
3 min read

Malware Distribution via Zoom Remote Control Features

Hackers are exploiting Zoom's remote control functionality to infect devices with malware. This method relies on social engineering tactics to trick users into granting access, thereby allowing attackers to install malicious software or exfiltrate sensitive data. The cybercriminal group known as ELUSIVE COMET has been identified as a key perpetrator in these attacks. They employ a strategy that involves creating fake accounts and using them to establish a rapport with their targets, often through social media platforms. Security experts emphasize that the attackers typically initiate contact with potential victims by offering media opportunities or interviews. Once a connection is established, they arrange a Zoom meeting, during which they send a remote control request disguised as a system notification. Victims, caught off guard or less tech-savvy, may inadvertently accept control requests. This grants the attacker full access to the victim's device, enabling them to install malware and steal sensitive information, including cryptocurrency. To mitigate risks, it is advised to avoid accepting Zoom calls from unknown contacts and to disable remote control functionality during meetings. Organizations should also implement monitoring systems that flag suspicious activity and educate employees about the signs of phishing attempts.

Zoom down

Image courtesy of Tom's Guide For more details, see the following resources:

Ransomware Threats from Fake Zoom Installers

Hackers are also deploying ransomware through fake Zoom installers. The BlackSuit ransomware gang has been identified as a major player in this scheme. Instead of downloading the legitimate Zoom application from the official website, users are misled to visit counterfeit sites that appear similar to the legitimate one. Once users download the fake installer, the ransomware becomes active, hiding on the system until it begins encrypting sensitive data and demanding a ransom for decryption. The BlackSuit ransomware is particularly dangerous as it targets critical sectors, including healthcare and law enforcement. It uses a sophisticated method to ensure it remains undetected by standard security measures. After initially evading detection, it connects to a command server where additional malicious components are downloaded. It is crucial for users to verify the authenticity of the sites from which they are downloading software. The official Zoom download page is at zoom.us/download, while the malicious site associated with this campaign is zoommanager.com.

Zoom call on MacBook

Image courtesy of Tom's Guide For further insights, refer to:

Staying Secure in a Threatening Landscape

To protect against these types of threats, organizations and individuals should implement robust cybersecurity measures. Regular updates of antivirus software are essential, along with the adoption of additional security tools such as virtual private networks (VPNs) and password managers. If you’re considering a VPN, you might want to check out a Surfshark review to see how it compares in terms of privacy features, affordability, and ease of use. Furthermore, being aware of common phishing tactics can significantly reduce the risk of falling victim to these attacks. Cybersecurity marketing solutions like GrackerAI can assist organizations in creating content that addresses these emerging threats and helps in educating stakeholders. By automating insight generation from industry developments, GrackerAI enables marketing teams to effectively monitor threats and produce timely, relevant content that resonates with decision-makers in cybersecurity. Explore GrackerAI's services for enhancing your cybersecurity marketing efforts by visiting GrackerAI.

Latest Cybersecurity Trends & Breaking News

Commvault RCE Vulnerability Cybercrime Losses in 2024

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 

Deepak Gupta is a technology leader with deep experience in enterprise software, identity systems, and security-focused platform architecture. Having led CIAM and authentication products at a senior level, he brings strong expertise in building scalable, secure, and developer-ready systems. At Gracker, his work focuses on applying AI to simplify complex technical workflows while maintaining the accuracy, reliability, and trust required in cybersecurity and B2B environments.

Related Articles

The Future of Search: A Complete Guide to AEO and GEO for 2026
AEO

The Future of Search: A Complete Guide to AEO and GEO for 2026

Stop chasing blue links. Learn how to master Answer Engine Optimization (AEO) and Generative Engine Optimization (GEO) to dominate AI search results by 2026.

By Deepak Gupta July 6, 2026 6 min read
common.read_full_article
Programmatic SEO vs. Traditional Content: A Scaling Strategy for B2B SaaS
Programmatic SEO

Programmatic SEO vs. Traditional Content: A Scaling Strategy for B2B SaaS

Stop choosing between scale and trust. Learn the Hybrid Scaling Model for B2B SaaS to master programmatic utility and human-centric authority in the GEO era.

By David Brown July 3, 2026 8 min read
common.read_full_article
Why Your Marketing Stack Needs More Than One Good Email Tool
email marketing stack

Why Your Marketing Stack Needs More Than One Good Email Tool

Stop relying on a single email tool to do everything. Discover why diversifying your email infrastructure improves deliverability and scales your marketing.

By Ankit Agarwal July 3, 2026 6 min read
common.read_full_article
15 Best AI Search Monitoring Tools to Track Brand Visibility Across ChatGPT, Claude & Google AI Overviews
AI search monitoring tools

15 Best AI Search Monitoring Tools to Track Brand Visibility Across ChatGPT, Claude & Google AI Overviews

Compare the 15 best AI search monitoring tools for 2026 to track brand visibility across ChatGPT, Claude, Perplexity, and Google AI Overviews

By Govind Kumar July 6, 2026 15 min read
common.read_full_article