2020 will always be remembered as the year when video conferencing hit the mainstream in response to the coronavirus pandemic. But with increased use of teleconferencing software, it was only a matter of time before hackers surfaced to cause disruptions. With apps like Zoom exploding in popularity, a new form of malware that employs remote overlay attacks has hit Brazilian bank account holders who use video conferencing software.
In October of 2020, IBM Security’s Chen Nahman, Ofir Ozer, and Limor Kessem announced that they had discovered Vizom, a new malware attacking video conferencing software users in Brazil. The malware can stay hidden as it compromises systems using remote overlay techniques and DLL hijacking.
How Does Vizom Compromise Systems?
Vizom is spread via phishing campaigns in emails purportedly sent by app maker Zoom. Once the malware is downloaded, it lands in the AppData directory and starts infecting the system. Using DLL hijacking, it also tries to force malicious DLLs to be loaded.
IBM explained that when hijacking a system, the computer’s operating system gets duped into loading the malware as a child process of a real video conferencing file. The DLL that is used is Cmmlib.dll, a file that is found on systems of Zoom users.
“To make sure that the malicious code is executed from ‘Cmmlib.dll,’ the malware’s author copied the real export list of that legitimate DLL but made sure to modify it and have all the functions direct to the same address — the malicious code’s address space,” explained the researchers.
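The export-table trick the researchers describe leaves a trace a defender can check for: a DLL whose exports all resolve to one address. The following is an added example, not IBM's code or part of the original article; the function names, the threshold of three exports, and the constructed sample images are assumptions.

```python
import struct

def export_rvas(pe: bytes) -> list:
    """Return the RVAs in a PE image's export address table (unused slots dropped)."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    n_sect, opt_size = struct.unpack_from("<H12xH", pe, pe_off + 6)
    opt = pe_off + 24
    pe32_plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    export_rva = struct.unpack_from("<I", pe, opt + (112 if pe32_plus else 96))[0]
    if export_rva == 0:
        return []  # image exports nothing
    sections = [struct.unpack_from("<8x4I", pe, opt + opt_size + 40 * i)
                for i in range(n_sect)]

    def to_offset(rva):  # map an RVA to a file offset through the section table
        for vsize, vaddr, rsize, raw in sections:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return raw + rva - vaddr
        raise ValueError("RVA outside every section")

    n_funcs, _n_names, eat_rva = struct.unpack_from("<3I", pe, to_offset(export_rva) + 20)
    eat = struct.unpack_from(f"<{n_funcs}I", pe, to_offset(eat_rva))
    return [rva for rva in eat if rva]

def exports_collapsed(pe: bytes, min_exports: int = 3) -> bool:
    """True when a DLL has several exports and they all resolve to one address."""
    rvas = export_rvas(pe)
    return len(rvas) >= min_exports and len(set(rvas)) == 1

def build_sample(func_rvas) -> bytes:
    """Constructed test input: minimal PE32 headers plus one section with an export table."""
    n = len(func_rvas)
    hdr, sec = bytearray(0x200), bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                 # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xH", hdr, 0x44, 0x14C, 1, 224)   # x86, 1 section, opt hdr size
    struct.pack_into("<H", hdr, 0x58, 0x10B)                # PE32 magic
    struct.pack_into("<II", hdr, 0xB8, 0x1000, 40 + 4 * n)  # export data directory
    struct.pack_into("<8s4I", hdr, 0x138, b".edata", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<3I", sec, 20, n, 0, 0x1000 + 40)     # counts + address table RVA
    struct.pack_into(f"<{n}I", sec, 40, *func_rvas)
    return bytes(hdr + sec)

if __name__ == "__main__":
    print(exports_collapsed(build_sample([0x1800] * 5)))             # collapsed exports
    print(exports_collapsed(build_sample([0x1100, 0x1140, 0x1180]))) # distinct exports
```

A match is a triage signal rather than a verdict, since stub or resource-only DLLs can also share one export address; it carries more weight when the file sits in a user-writable path such as AppData under the name of a known application DLL.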
Once the malware has discovered that a user has accessed an online banking service, the malware operators receive an alert to connect to the user’s PC remotely. With RAT capabilities deployed, hackers can take over and overlay content that fools victims into sending their bank account credentials.
In addition, Windows API functions are compromised. This includes taking over the mouse and keyboard and controlling clicks. Screenshots are even initiated through Windows’s print and magnifier functions.
At this time, Vizom is focused on large Brazilian banks; however, these same tactics have been used against users across South America and have already been observed against banks in Europe as well.
Well, if you weren’t already overwhelmed with using video conferencing apps like Zoom, Vizom is undoubtedly a legitimate cause for concern.