Fake Zoom Websites Are Tricking Users Into Downloading Malware

The sites are designed to replicate Zoom's home page, complete with the same designs, colors, and friendly download button.
Adam Rowe

Think twice before downloading Zoom online: Multiple fake sites are popping up claiming to offer free downloads of the popular video conferencing software, only to trick people into downloading malware instead.

Cybersecurity experts are ringing the warning bell on these fraudulent Zoom websites, all of which use the same malicious software, called “Vidar Stealer.”

Vidar Stealer is designed to steal information off the devices it's downloaded to, giving bad actors a backdoor into accessing anything from bank account logins to passwords or crypto-wallets. Here's what we know.

Fake Zoom Websites Look Like the Real Deal

The report comes from the cybersecurity firm Cyble's Research and Intelligence Lab (CRIL).

A tweet from an internet fraud watchdog listed the URLs of six different but similar malicious websites, and it's what first kicked off the CRIL investigation. This might go without saying, but please don't visit those URLs.

The fake websites are designed to replicate the Zoom software's home page, complete with the same designs, colors, and friendly orange “Sign up, it's free” button to encourage new users. And since the official Zoom URL — https://zoom.us — uses a “.us” domain rather than the more common “.com,” it's already slightly unusual, meaning that the fake URLs don't stand out quite as much.

Any users who stumble on one of these fake websites while trying to download Zoom won't see anything out of place if they don't look too closely at the URL. But one click later, it'll be too late.

Victims Will Still Download Zoom — But They'll Also Get Malware

Once the file downloaded from a fake site is executed, researchers found, two files are downloaded: ZOOMIN~1.EXE and Decoder.exe.

“Decoder.exe is a malicious .NET binary that injects the malicious stealer code into MSBuild.exe. Microsoft Build Engine (MSBuild) is a platform used to build applications. ZOOMIN~1.EXE is a clean file that launches the legitimate Zoom installer.”

In other words, the victims won't realize they've been tricked, because they'll actually still get the software they wanted. Meanwhile, the malware will go undetected, siphoning off personal data.

How to Stay Safe Online

Luckily, staying safe from this scam is relatively easy: Don't download Zoom unless you're positive it's from the official website. Or as CRIL puts it, identify “the legitimacy of the source before downloading any executables.”

Still, these tricks are surprisingly easy to fall for, and ironically the people most at risk for getting tricked are the ones who are the most confident that they're safe.

If you're a business manager trying to shore up security across all company devices used by your remote or hybrid workforce, we'd recommend a good remote access software, which may include features that limit downloads.

Antivirus software is great as well, and a password management tool can keep sensitive company logins secure even if a device is compromised. Just make sure you double check which URL you're downloading them from — malware disguised as downloadable security tools is another common hacker scam.
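
For teams that want to automate the "check the URL first" advice, here is an added example (not from CRIL's report or from Zoom) of a strict hostname check against the official zoom.us domain mentioned above. The function name, the reason strings and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "zoom.us"  # the official Zoom domain named in the article


def check_download_url(url, official=OFFICIAL_DOMAIN):
    """Return (trusted, reason) for a link a user is about to download from."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if has_userinfo:
        # In https://zoom.us@other.example/ the real host is other.example.
        return False, "credentials before the hostname"
    if not host:
        return False, "no hostname"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised hostname (possible homograph)"
    # Exact match or a true subdomain; a bare suffix test would accept notzoom.us.
    if host == official or host.endswith("." + official):
        return True, "official domain"
    if official.split(".")[0] in host:
        return False, "brand name inside an unrelated domain"
    return False, "unrelated domain"


# Constructed sample links; the lookalikes use the reserved .example TLD.
SAMPLES = [
    "https://zoom.us/download",
    "https://support.zoom.us/",
    "http://zoom.us/download",
    "https://zoom.us.downloads.example/client",
    "https://zoom.us@downloads.example/client",
    "https://zoom-download.example/ZoomInstaller.exe",
    "https://zo\u03bfm.us/download",  # Greek omicron in place of the Latin "o"
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_download_url(link)
        print(f"{'OK   ' if trusted else 'BLOCK'} {link}  ({reason})")
```

A pass only means the link points at the official domain; it says nothing about a file that has already been saved from somewhere else.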


Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
