Zoom phishing sites spread malware for covert surveillance
Cybersecurity experts warn of fake Zoom sites distributing malware like Teramind for user surveillance. Learn how to protect yourself from this phishing campaign.
Cybersecurity experts from Malwarebytes have uncovered a new campaign where threat actors are creating fake websites that impersonate the official Zoom video conferencing service. These fraudulent sites distribute malware designed for covert user surveillance.
According to the specialists, the scammers promote these counterfeit pages through paid advertising and search engine optimization. When users attempt to join an online meeting via the web interface, the site simulates technical issues like audio interruptions and video delays. Visitors are then prompted to download a "Zoom installer" supposedly to fix the problem. In the rush of the moment, many agree to download the file.
Analysis revealed that the installation package contains Teramind, legitimate corporate software for remote control. Such tools often evade antivirus detection because they are officially used in business environments, and that is precisely what the attackers exploit by bundling the program into their phishing distribution.
Once installed, Teramind can operate in stealth mode, with no visible sign of its presence on the system. The program can record keystrokes, take regular screenshots, and monitor visited websites, running applications, clipboard contents, and file and email activity. This type of surveillance is difficult to detect without specialized security tools.