WebMonitor RAT Hidden in Videoconferencing Software Installer

Share On Facebook
Share On Twitter
Share On Linkedin

On 29 April, Trend Micro reported a malicious campaign that used a booby-trapped installer for Zoom videoconferencing software to deliver the WebMonitor remote access trojan (RAT).1 WebMonitor is a RAT that can create and modify a victim’s files, record audio, log keystrokes, access webcams, view a streaming video of the victim’s screen, control system processes, and more.

Due to the ongoing Coronavirus pandemic, many organizations are relying on communication software to maintain their operations, and Zoom is one of the most popular videoconferencing options available.

While the report did not detail a specific distribution method, it did note that the malicious installer was not distributed through official sources such as Zoom’s website, the Apple App Store, or the Google Play Store.

Infoblox’s full report on this campaign will be available soon on our Threat Intelligence Reports page.

Labels:

Infoblox Threat Intel

Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access give us a backstage pass to the internet's inner workings. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox DNS Detection and Response solutions, so customers automatically get the benefits of it, along with ridiculously low false positive rates.

View All Posts

You might also be interested in

You might also be interested in

×