Be Careful With Fake Zoom Client Downloads

SUMMARY :

A deceptive email containing a fake Zoom meeting invitation has been identified. Clicking the 'join' button leads to a website prompting users to install a purported Zoom client update. The downloaded executable, 'Session.ClientSetup.exe', is actually malware that installs an MSI package. This package deploys ScreenConnect, a remote access tool, allowing attackers to gain unauthorized access to the victim's computer. The malware establishes persistence by installing itself as a service and connects to a command and control server at tqtw21aa.anondns.net on port 8041. Users are advised to exercise caution when receiving unexpected Zoom invitations or update prompts.

OPENCTI LABELS :

phishing,downloader,screenconnect,fake update,remote access tool,zoom


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Be Careful With Fake Zoom Client Downloads