back to article Fake sites fool Zoom users into downloading deadly code

Beware the Zoom site you don't recognize, as a criminal gang is creating multiple fake versions aimed at luring users to download malware that can steal banking data, IP addresses, and other information. Threat researchers at cybersecurity firm Cyble found six fake Zoom sites offering applications that, if clicked on, will …

  1. Gene Cash Silver badge

    Extra domains

    This is what people get for all those stupid extra vanity domains. If we just stuck to .com we wouldn't have most of these.

    1. Anonymous Coward
      Anonymous Coward

      Re: Extra domains

      Doesn't matter, Google decided that most of the URL should be an unreadable grey colour.

      Besides, everyone knows not to click on links in emails, right?

    2. An_Old_Dog Silver badge
      Boffin

      Re: Extra domains

      Nah, if there were no vanity domains, crims would just exploit Unicode-based URLs. For example, what we call a "slash" is known in Unicode as a "solidus", U+2F. Unicode also has what they call a "fullwidth solidus", U+FF0F. Depending on which character set you're using, they look similar enough to be visually-confused. So right there, you've got the means to send people to a custom, malware-bearing URL.

    3. mobailey

      Re: Extra domains

      Spoken like an American.

      -mobailey

  2. J.G.Harston Silver badge

    Part of this is also the brain-dead decision by Zoom that: oh, we can't confuse our users by having them actually have to go through a proper install procedure, let's get it so ordinary-privilege users can have Zoom running by sticking it all in their UserApps directory, bypassing all their local Program Files protections.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like