We did not have time that hackers are using fake Zoom domains to distribute malware, as a new vulnerability in the online conferencing software has come to light. It turns out that the Zoom client for Windows allows attackers to steal the user's credentials in the operating system through the UNC link sent to the interlocutor in the chat window.
Hackers can use the "Β» to get the login and password of the OS user account. This is probably due to the fact that Windows sends credentials when it connects to a remote server to download a file. All an attacker needs to do is send a link to the file to another user via Zoom chat and convince the other person to follow it. Despite the fact that Windows passwords are transmitted in encrypted form, the attacker who discovered this vulnerability claims that it can be decrypted by the appropriate tools if the password is not complex enough.
As Zoom has grown in popularity, it has come under scrutiny from the cybersecurity community, which has begun to look more closely at the weaknesses of the new video conferencing software. Earlier, for example, it was discovered that the end-to-end encryption (end-to-end) declared by the developers in Zoom is actually absent. A vulnerability discovered last year that made it possible to remotely connect to a Mac computer and turn on a video camera without the permission of the owner has been fixed by the developers. However, the solution to the problem with the UNC injection in Zoom itself has not yet been reported.
Currently, if you need to work through the Zoom application, it is recommended to either disable automatic transmission of NTML credentials to a remote server (change the Windows security policy settings), or simply use the Zoom client to surf the Internet.
Source: 3dnews.ru