A New Vulnerability in Zoom Allows An Attacker To Record Your Meetings Anonymously

     A New Vulnerability in Zoom app

A Security Researcher found a New Vulnerability in one of the most popular and most trustworthy applications for Video Conferencing and Meetings, popularly known as ZOOM Meetings.

This vulnerability allows an attacker to record your meetings without permission or without getting know to you. This vulnerability can be exploited by malware which is discovered by Morphisec. An attacker can record chat text and screen sharing and many more without notifying any of the participants in those meetings, overall the attacker has full control over outputs.

The trigger is a malware that injects code in the process of the Zoom App and gives full output controls to the attacker. Normally, if the host gives permission to participants to record then they can record but this scenario can be changed by using malware to bypass this situation.

This can lead to spying on meetings. This increased more risks and previously 500,000 Zoom accounts have been sold on the dark web. The Most trustworthy application is turning to information-stealer by information stealers. This malware can be bypass by evading detection and prevention.

“We’ve alerted Zoom to this current security weakness and how it can be targeted by malicious actors. The video below demonstrates an attack simulation to illustrate in detail how this Zoom malware works” said Petrillo.

Now Zoom is becoming the Most Trustworthy to Most Vulnerable application. Companies like Google, SpaceX, and even NASA had banned their employees on the use of Zoom as they are working from home due to Covid-19.