Suspicious Zoom Child Processes

Video-conferencing giant Zoom has emerged as the top enterprise video communications platform over the last several years. Its usage has increased dramatically with an upsurge of remote workers, attributed largely to shelter-in-place mandates following the COVID-19 pandemic. However, as Zoom’s popularity soared, flaws affecting both Windows and macOS systems have received correspondingly more scrutiny from bad actors, who have increasingly relied on this attack vector to gain unauthorized access and escalate privileges on targeted systems. This includes exploiting a local library validation function in Zoom to completely hijack an unsuspecting user’s webcam and microphone. In plausible attack scenarios, attackers could use their ill-gotten privileges to spy on targeted users, either in their personal lives or during important meetings where sensitive information is being shared.

What you need to know: Essentially, these local privilege escalation flaws take advantage of Zoom’s software architecture design. These exploits can be launched by a local attacker, that is, someone who already has physical control of a vulnerable computer. Once the bugs are exploited, attackers can gain and sustain persistent access to various functions of a victim’s computer, which allows them to install ransomware, Trojans, spyware and numerous other types of malicious code on targeted systems.
