Zoom Exploits: Malware and Ransomware Threats

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 
September 16, 2025 3 min read

Malware Distribution via Zoom Remote Control Features

Hackers are exploiting Zoom's remote control functionality to infect devices with malware. This method relies on social engineering tactics to trick users into granting access, thereby allowing attackers to install malicious software or exfiltrate sensitive data. The cybercriminal group known as ELUSIVE COMET has been identified as a key perpetrator in these attacks. They employ a strategy that involves creating fake accounts and using them to establish a rapport with their targets, often through social media platforms. Security experts emphasize that the attackers typically initiate contact with potential victims by offering media opportunities or interviews. Once a connection is established, they arrange a Zoom meeting, during which they send a remote control request disguised as a system notification. Victims, caught off guard or less tech-savvy, may inadvertently accept control requests. This grants the attacker full access to the victim's device, enabling them to install malware and steal sensitive information, including cryptocurrency. To mitigate risks, it is advised to avoid accepting Zoom calls from unknown contacts and to disable remote control functionality during meetings. Organizations should also implement monitoring systems that flag suspicious activity and educate employees about the signs of phishing attempts.

Zoom down

Image courtesy of Tom's Guide For more details, see the following resources:

Ransomware Threats from Fake Zoom Installers

Hackers are also deploying ransomware through fake Zoom installers. The BlackSuit ransomware gang has been identified as a major player in this scheme. Instead of downloading the legitimate Zoom application from the official website, users are misled to visit counterfeit sites that appear similar to the legitimate one. Once users download the fake installer, the ransomware becomes active, hiding on the system until it begins encrypting sensitive data and demanding a ransom for decryption. The BlackSuit ransomware is particularly dangerous as it targets critical sectors, including healthcare and law enforcement. It uses a sophisticated method to ensure it remains undetected by standard security measures. After initially evading detection, it connects to a command server where additional malicious components are downloaded. It is crucial for users to verify the authenticity of the sites from which they are downloading software. The official Zoom download page is at zoom.us/download, while the malicious site associated with this campaign is zoommanager.com.

Zoom call on MacBook

Image courtesy of Tom's Guide For further insights, refer to:

Staying Secure in a Threatening Landscape

To protect against these types of threats, organizations and individuals should implement robust cybersecurity measures. Regular updates of antivirus software are essential, along with the adoption of additional security tools such as virtual private networks (VPNs) and password managers. If you’re considering a VPN, you might want to check out a Surfshark review to see how it compares in terms of privacy features, affordability, and ease of use. Furthermore, being aware of common phishing tactics can significantly reduce the risk of falling victim to these attacks. Cybersecurity marketing solutions like GrackerAI can assist organizations in creating content that addresses these emerging threats and helps in educating stakeholders. By automating insight generation from industry developments, GrackerAI enables marketing teams to effectively monitor threats and produce timely, relevant content that resonates with decision-makers in cybersecurity. Explore GrackerAI's services for enhancing your cybersecurity marketing efforts by visiting GrackerAI.

Latest Cybersecurity Trends & Breaking News

Commvault RCE Vulnerability Cybercrime Losses in 2024

Deepak Gupta
Deepak Gupta

Co-founder/CEO

 

Cybersecurity veteran and serial entrepreneur who built GrackerAI to solve the link between B2B SaaS product and search engine. Leads the mission to help cybersecurity brands dominate search results through AI-powered product-led ecosystem.

Related Articles

growth hacking

8 Key Principles of Growth Hacking for Social Media and SEO

Unlock 8 growth hacking principles for B2B SaaS, focusing on social media & SEO. Drive cybersecurity growth with proven tactics.

By Abhimanyu Singh October 24, 2025 13 min read
Read full article

Navigating the Cybersecurity SaaS Marketing Landscape: Essential Questions for Value-Driven Strategies

Drive value with your cybersecurity SaaS marketing! Learn essential questions to shape winning strategies and achieve growth.

By Deepak Gupta October 23, 2025 9 min read
Read full article
ethical AI

Ethical AI in SaaS: What Legal Lessons Teach Us About Accountability and Trust

Discover how SaaS companies can build trust with ethical AI. Learn lessons from the legal sector on data protection, transparency, and accountability.

By Vijay Shekhawat October 23, 2025 5 min read
Read full article
business internet security

What Are the Best Practices for Business Internet Security at the Network Level?

Learn the best network-level security practices for businesses, including Zero Trust, MFA, EDR tools, segmentation, and secure monitoring.

By Ankit Lohar October 23, 2025 5 min read
Read full article