As more people have been forced to work or stay at home due to the coronavirus, there’s been a much greater reliance on virtual meeting software to communicate with co-workers, colleagues, friends, and family. And as cybercriminals have been exploiting all aspects of COVID-19 for their own nefarious purposes, so too have they been taking advantage of virtual meeting apps to spread malware.
In a report released on Wednesday, Kaspersky found that a variety of virtual meeting programs are being exploited by bad actors. One in particular leads the pack; Skype came in top with a total of 120,000 suspicious files using its name for both malware and adware. Among these files, Kaspersky spotted many that were deploying Trojans that can give criminals a backdoor into infected computers.
Among the 1,300 other suspicious files discovered by Kaspersky, 42% were caught spoofing Zoom, 22% were exploiting WebEx, 13% GoToMeeting, 11% Flock, and 11% Slack. Other apps caught in the wave include Join.me, Lifesize, Microsoft Teams, and HighFive. In many cases, the malicious files were given names similar to Zoom, WebEx, and other meeting applications.
SEE: Cybersecurity: Let’s get tactical (free PDF) (TechRepublic)
Analyzing those 1,300 files, Kaspersky found 200 threats, mostly from two adware families known as DealPly and DownloadSponsor. Both of these carry installers that display ads or download adware modules and often appear on machines and devices after being downloaded from unofficial marketplaces. Beyond the adware, Kaspersky discovered some threats disguised as .lnk files, which are shortcuts to applications. Most of these were identified as Exploit.Win32.CVE-2010-2568, an old piece of malicious code that could infect computers with additional malware.
Kaspersky found only a moderate rise in the number of attacks disguised as social meeting apps, but the threat is still of concern with so many people working from home, especially those who use Skype. “They are not moderate when it comes to Skype, but this application, due to its popularity, has traditionally been a target for cyberthreat actors for many years,” Denis Parinov, Kaspersky security expert, said in a press release.
“At the same time, we consider it important to let people know about the existence of such threats. In the current landscape, when most of us are working from home, it is extremely important to make sure that what we use as a tool for online social meeting is downloaded from a legitimate source, set up properly, and doesn’t have severe unpatched vulnerabilities.”