Hackers take advantage of community gatherings to spread malware via fake Zoom invites

Hackers have been forging invitation reminders for virtual meetings at community associations and school boards in an attempt to infect attendees with malware.

Email protection provider Avanan noticed(Opens in a new window) the March attacks. Hackers send emails pretending to come from a community group or school board, but the included PDF was designed to infect the recipient’s PC with malware.

The scheme capitalizes on how the COVID-19 pandemic has seen many people and community groups adopt video calls as a way to meet online. It’s now common for users to find virtual meeting invitations and reminders in their email inboxes.

Unfortunately, hackers know that they can exploit the same meetings to spread malware and instigate other nefarious schemes, such as “zoom bombing.” In this case, Avanan noted that attackers will pretend to send fake meeting invitations for Zoom video conferencing software.

Example of one of the attacks.

(advance)

“It is easy for this attack to show legitimacy,” the security firm wrote in a blog post. “The counterfeit association is legitimate; all public meetings are public record, so the dates may coincide. With just a PDF, it can easily be viewed as a calendar invite attached to an email.”

When clicked, the PDF-based invitation can redirect a user to a website that prompts them to download a malicious program onto their machine. “The code embeds itself in system memory and can share local computer contents with the malicious party,” Avanan added.

Recommended by Our Editors

Avanan also warns that hackers could easily expand their attacks to target more victims. “There are countless community associations across the country and the world. There are also tons of video conferencing platforms to take advantage of,” the security firm said.

To avoid being phishing, you should always verify the sender’s address before engaging with an email. If something looks wrong, the email is most likely spoofed. Another red flag is if the email asks you to download software from an unofficial website. If in doubt, ask the administrator of a community association or school board if they did in fact send the email in question.

SecurityWatch<\/strong> newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2022-03-24T14:57:33.000000Z”,”last_published_at”:”2022-03-24T14:57:28.000000Z”,”created_at”:null,”updated_at”:”2022-03-24T14:57:33.000000Z”})” x-show=”showEmailSignUp()” class=”rounded bg-gray-lightest text-center md:px-32 md:py-8 p-4 mt-8 container-xs”>

Do you like what you are reading?

Enroll in security surveillance newsletter for our top privacy and security stories delivered directly to your inbox.

This newsletter may contain advertising, offers or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You can unsubscribe from newsletters at any time.

Leave a Reply

Your email address will not be published.