The critical malware vulnerability discovered by IT security researchers at Morphisec enables hackers to voluntarily record Zoom sessions and capture chat text without any of the meeting participants’ knowledge or permission. What’s worse, the Zoom malware is even able to do this even though the host has disabled recording option for the participants. “The trigger (evading detection) is a malware that injects its code into a Zoom process without any interaction of the user and even if the host did not enable the participant to record. When recording in this way, none of the participants are notified that the session is being recorded while the malware fully controls the output,” Morphisec’s researcher Daniel Petrillo wrote in a blog post. This vulnerability opens a way for hackers to spy on Zoom sessions, as already over 500,000 accounts are currently available for purchase on the Dark Web. “Furthermore, Zoom is usually a trusted application; turning it into an info-stealer in this way acts as a means of evading detection and bypassing prevention,” Petrillo added. Petrillo in a video has demonstrated how this Zoom malware takes place during a Zoom session between a victim and the attacker. According to him, the vulnerability works on the latest version of Zoom with antivirus software and all of its security features turned on.
Petrillo noted that Morphisec has reported the vulnerability to Zoom. On Wednesday, Zoom rolled out the new Zoom 5.0 update with new security features and enhancements to address some of its biggest privacy and security issues. However, it is unclear if the Zoom 5.0 update has patched the flaw or not.