Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Zoom Installers Used to Spread WebMonitor RAT
Oldest First  |  Newest First  |  Threaded View
ArcherPatten
ArcherPatten,
User Rank: Apprentice
5/10/2020 | 12:32:10 PM
Re: Thanks
i hope so
tdsan
tdsan,
User Rank: Ninja
5/11/2020 | 2:08:15 PM
Where did they get the Rat from?

The WebMonitor RAT is spread using legitimate but malicious installers; those bundled with malware don't come from official sources that include Zoom's download center, the Apple App Store, or Google Play.

Since the Zoom rep. posted that we should only download the installer from registered sources, where did they get the download from (was there a mention of the specific location), I was curious because this could have come from a legitimate site or their session could have been intercepted and someone sent information posing as Zoom.

Not sure, please advise.

Todd


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2993
PUBLISHED: 2022-12-09
There is an error in the condition of the last if-statement in the function smp_check_keys. It was rejecting current keys if all requirements were unmet.
CVE-2022-4390
PUBLISHED: 2022-12-09
A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do...
CVE-2022-45290
PUBLISHED: 2022-12-09
Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.
CVE-2022-41299
PUBLISHED: 2022-12-09
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...
CVE-2022-4170
PUBLISHED: 2022-12-09
The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.