Welcome back to this week's Security bulletin!
March is coming to an end, and the news from around the globe is not pleasant because of the recent coronavirus outbreak. Many companies have told their employees to work from home to stop the virus from spreading, and they are conducting their meetings via video conference.
Zoom is a nine-year-old video conferencing application, but it gained popularity, with millions of people starting to use it, because of the virus outbreak. Its simplicity and user-friendly interface attract companies to conduct their meetings over it. Unfortunately, researchers found that the Zoom application for Windows is vulnerable to "UNC path injection", which can be used to steal the login credentials of the Windows system and even execute arbitrary commands.
The attackers exploit the fact that Windows automatically exposes a user's login name and NTLM (New Technology LAN Manager) password hashes to a remote SMB server when attempting to connect to it and download a file hosted on it. To get the login details, the attacker sends malicious URLs through Zoom, and once the user clicks one, the authentication data is in the hands of the attackers.
Zoom has been notified about this bug and is working on patches. In the meantime, Windows users can use other applications such as Skype, Google Duo, etc. for video conferencing.
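As an added illustration of the UNC path issue described above (this is not code from Zoom or from the original bulletin), the following Python sketch shows how a chat gateway or log review script could spot UNC paths in message text and neutralise those that point at hosts outside a trusted list. The `TRUSTED_HOSTS` set, the host names and the sample messages are constructed assumptions.

```python
import re

# \\host\share followed by optional \path components, as typed in a chat message.
UNC_RE = re.compile(
    r'\\\\(?P<host>[A-Za-z0-9._-]+)\\(?P<share>[^\\\s]+)(?P<rest>(?:\\[^\\\s]+)*)'
)

# Assumption: file servers the organisation trusts (constructed name).
TRUSTED_HOSTS = {"fileserver01.corp.example"}


def _host(match):
    """Normalise the host part so comparisons ignore case and a trailing dot."""
    return match.group("host").lower().rstrip(".")


def find_unc_paths(message):
    """Return one dict per UNC path found: host, share, full path, trusted flag."""
    return [
        {
            "host": _host(m),
            "share": m.group("share"),
            "path": m.group(0),
            "trusted": _host(m) in TRUSTED_HOSTS,
        }
        for m in UNC_RE.finditer(message)
    ]


def defang(message):
    """Replace untrusted UNC paths so a client has nothing left to turn into a link."""
    def repl(m):
        host = _host(m)
        if host in TRUSTED_HOSTS:
            return m.group(0)
        return "[blocked UNC path to host " + host.replace(".", "[.]") + "]"
    return UNC_RE.sub(repl, message)


# Constructed sample chat messages.
SAMPLE = [
    r"Slides are at \\fileserver01.corp.example\meetings\q1.pptx",
    r"Join notes: \\203.0.113.7\share\notes.txt please open",
    "See you at 10:00, agenda at https://example.com/agenda",
]

if __name__ == "__main__":
    for msg in SAMPLE:
        print(find_unc_paths(msg), "->", defang(msg))
```

Blocking outbound SMB at the network perimeter addresses the same exposure at a lower layer and does not depend on message filtering.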
In our previous blog, we mentioned the TrickBot banking trojan, which is specially designed to steal credit card and other banking credentials. The developers behind this trojan have built an Android application that can intercept OTPs sent to bank customers, or push notifications, to complete fraudulent transactions. This application is known as "TrickMo", and its main targets are German users whose systems are already compromised by the TrickBot trojan.
Researchers state that the infected Windows browsers act as a "man-in-the-browser" and ask users to install the malicious app for authentication. Once installed, the app can record video of the mobile phone's screen activity, monitor other apps, and even set itself as the default messaging app.
Surprisingly, this application comes with a self-destruct feature, which helps the attacker wipe all traces of the application from the mobile phone. Researchers concluded that TrickBot is the most dangerous malware in the banking area.