
COVID-19 Impact: Cyber Criminals Target Zoom Domains

During the past few weeks, there has been a major increase in new domain registrations with names including “Zoom”—one of the most common video communication platforms used around the world. Since the beginning of the year, more than 1700 new domains were registered and 25% of them were registered in the past week.

Out of these registered domains, 4% have been found to contain suspicious characteristics. Other applications have also been targeted by cyber criminals. New phishing websites have been spotted for every leading communication application, including the official website, which was impersonated by googloclassroom\.com and googieclassroom\.com.

Zoom daily registrations graph

Be Aware of Downloading Unexpected Malicious Files

Watch for files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe” (# representing various digits). Running these files leads to an installation of the infamous InstallCore PUA on the victim’s computer, which could potentially lead to additional malicious software installation.

Zoom download manager

Security Tips on How to Stay Safe

Safe internet browsing and safe file downloading are essential as cybercriminals continue to target users who are working remotely. Below are Check Point’s recommendations to help keep you protected:

  1. Be cautious with emails and files received from unknown senders, especially if they are offering special deals or discounts.
  2. Don’t open unknown attachments or click on links within the emails.
  3. Beware of lookalike domains, spelling errors in emails and websites, and unfamiliar email senders.
  4. Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.
  5. Make sure to secure the settings of applicable applications (e.g. Zoom) rather than leaving them at their defaults.
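
As an added example (not Check Point's code or tooling), the Python below turns the two file-name templates quoted above into exact patterns and screens registrable domains from a new-registration feed for brand names and near-miss spellings, covering both the lookalike-domain and the malicious-file passages. The brand list, allowlist, distance threshold and sample inputs are assumptions constructed for illustration.

```python
import re

# File-name templates quoted in the article; each '#' stands for one digit.
TEMPLATES = ["zoom-us-zoom_##########.exe",
             "microsoft-teams_V#mu#D_##########.exe"]
# Assumptions (not from the article): brands to protect, known-good domains.
BRANDS = ["zoom", "googleclassroom"]
ALLOWLIST = {"zoom.us"}

def template_to_regex(template):
    """Escape the literal text and turn every '#' into exactly one digit."""
    body = "".join(r"\d" if ch == "#" else re.escape(ch) for ch in template)
    return re.compile(body, re.IGNORECASE)

FILE_PATTERNS = [template_to_regex(t) for t in TEMPLATES]

def is_flagged_filename(path):
    """True when the basename of a Windows or POSIX path fits a template."""
    base = re.split(r"[\\/]", path)[-1]
    return any(p.fullmatch(base) for p in FILE_PATTERNS)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain):
    """Classify a registrable domain (name.tld) from a new-registration feed."""
    domain = domain.lower().rstrip(".")
    if domain in ALLOWLIST:
        return "allowlisted"
    label = domain.split(".")[0].replace("-", "")
    for brand in BRANDS:
        if brand in label:
            return "contains-brand:" + brand
        # Near-miss spelling; skipped for short brands, where it would
        # flag ordinary words ("room" is one edit away from "zoom").
        if len(brand) >= 6 and edit_distance(label, brand) <= 2:
            return "lookalike:" + brand
    return "no-match"

if __name__ == "__main__":
    # Constructed feed entries, plus the two lookalikes named in the article.
    for d in ["zoom.us", "zoom-meeting-join.example", "googloclassroom.com",
              "googieclassroom.com", "weather.example"]:
        print(d, "->", classify_domain(d))
```

A "contains-brand" or "lookalike" result is a prompt for review, not a verdict: the article itself reports that only 4% of the new Zoom-named domains showed suspicious characteristics.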