Zoom Exploits: Malware and Ransomware Threats

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 
September 16, 2025 3 min read

Malware Distribution via Zoom Remote Control Features

Hackers are exploiting Zoom's remote control functionality to infect devices with malware. This method relies on social engineering tactics to trick users into granting access, thereby allowing attackers to install malicious software or exfiltrate sensitive data. The cybercriminal group known as ELUSIVE COMET has been identified as a key perpetrator in these attacks. They employ a strategy that involves creating fake accounts and using them to establish a rapport with their targets, often through social media platforms. Security experts emphasize that the attackers typically initiate contact with potential victims by offering media opportunities or interviews. Once a connection is established, they arrange a Zoom meeting, during which they send a remote control request disguised as a system notification. Victims, caught off guard or less tech-savvy, may inadvertently accept control requests. This grants the attacker full access to the victim's device, enabling them to install malware and steal sensitive information, including cryptocurrency. To mitigate risks, it is advised to avoid accepting Zoom calls from unknown contacts and to disable remote control functionality during meetings. Organizations should also implement monitoring systems that flag suspicious activity and educate employees about the signs of phishing attempts.

Zoom down

Image courtesy of Tom's Guide For more details, see the following resources:

Ransomware Threats from Fake Zoom Installers

Hackers are also deploying ransomware through fake Zoom installers. The BlackSuit ransomware gang has been identified as a major player in this scheme. Instead of downloading the legitimate Zoom application from the official website, users are misled to visit counterfeit sites that appear similar to the legitimate one. Once users download the fake installer, the ransomware becomes active, hiding on the system until it begins encrypting sensitive data and demanding a ransom for decryption. The BlackSuit ransomware is particularly dangerous as it targets critical sectors, including healthcare and law enforcement. It uses a sophisticated method to ensure it remains undetected by standard security measures. After initially evading detection, it connects to a command server where additional malicious components are downloaded. It is crucial for users to verify the authenticity of the sites from which they are downloading software. The official Zoom download page is at zoom.us/download, while the malicious site associated with this campaign is zoommanager.com.

Zoom call on MacBook

Image courtesy of Tom's Guide For further insights, refer to:

Staying Secure in a Threatening Landscape

To protect against these types of threats, organizations and individuals should implement robust cybersecurity measures. Regular updates of antivirus software are essential, along with the adoption of additional security tools such as virtual private networks (VPNs) and password managers. If you’re considering a VPN, you might want to check out a Surfshark review to see how it compares in terms of privacy features, affordability, and ease of use. Furthermore, being aware of common phishing tactics can significantly reduce the risk of falling victim to these attacks. Cybersecurity marketing solutions like GrackerAI can assist organizations in creating content that addresses these emerging threats and helps in educating stakeholders. By automating insight generation from industry developments, GrackerAI enables marketing teams to effectively monitor threats and produce timely, relevant content that resonates with decision-makers in cybersecurity. Explore GrackerAI's services for enhancing your cybersecurity marketing efforts by visiting GrackerAI.

Latest Cybersecurity Trends & Breaking News

Commvault RCE Vulnerability Cybercrime Losses in 2024

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 

Cybersecurity veteran and serial entrepreneur who built GrackerAI to solve the link between B2B SaaS product and search engine. Leads the mission to help cybersecurity brands dominate search results through AI-powered product-led ecosystem.

Related Articles

Quality at Scale: How AI Solves Programmatic SEO's Biggest Challenge

Discover how AI transforms thin programmatic content into high-quality pages that survive Google's 2025 updates. Includes quality metrics and implementation guide.

By Deepak Gupta October 2, 2025 13 min read
Read full article

How AI Tools and Outlook Email Templates Can Streamline Communication

AI writing tools and Outlook templates save time, reduce errors, and boost focus. Learn how smart content and automation turn email into a productivity tool.

October 2, 2025 7 min read
Read full article
lookalike audience

Expand Your Reach: How to Create a Lookalike Audience

Learn how to create lookalike audiences to expand your reach, target high-value leads, and drive B2B SaaS growth. A cybersecurity growth hacking guide.

By Deepak Gupta October 2, 2025 4 min read
Read full article
Link Building

How to Succeed in Link Building Outreach in 2026

Learn effective link-building outreach strategies in 2026 to get quality backlinks with personalized emails, relevance, and real value.

By Deepak Gupta October 1, 2025 4 min read
Read full article