Hackers are using various tactics to spread malware, including targeting virtual communication tools like Zoom. Recently, CRIL reported a phishing campaign that delivered IcedID malware to users’ machines.
IcedID, also known as BokBot, is a banking trojan that steals victims’ banking credentials and is particularly harmful to businesses as it can also steal payment information. Additionally, it acts as a malware loader, allowing it to distribute other malware families or download additional modules.
The attackers typically distribute IcedID malware through spam emails with malicious Office file attachments, but in this campaign, they delivered the malware through a phishing website, which is a less common method.
They created a phishing page that resembled the legitimate Zoom website and tricked users into downloading the IcedID malware by presenting it as a Zoom installer file. There is currently no information confirming whether user data was stolen.
In early 2022, Armorblox reported a social engineering attack that impersonated a Zoom meeting invitation, resulting in 10,000 victims clicking on a malicious link.
To avoid falling victim to similar phishing attempts, experts advise approaching emails with caution and carefully scrutinizing their content before clicking on any links or downloading attachments. Be aware that phishing emails may contain grammatical errors, mimic a legitimate sender’s email address, and have links that redirect to unexpected destinations.