The bad news for Zoom keeps rolling in, with Trend Micro researchers finding CoinMiner bundled with a legitimate installer of the video conferencing software.
The good news is that the installer, Zoom installer version 126.96.36.199, is not from the company’s official download center, but likely from a fraudulent third-party store, Trend Micro reported. However, it does install a working version of Zoom, along with the cryptocurrency mining malware.
CoinMiner is capable of mining bitcoin, Monero, and Ethereum and, when operating, soaks up the majority of a system's computing resources, causing it to run slowly and use a great deal of extra power.
Once injected into a system, the malware first does a system check. Using the CPUinfo tool, it determines whether the device is running a 64-bit or 32-bit system and will then drop into any 64-bit computer encountered. There is no 32-bit version of the malware being used.
Further information on the system's GPU, operating system, video controllers and processors is then gathered, along with a determination of whether the target is running Windows Defender, Microsoft SmartScreen or an antivirus program; if any is found, the malware will attempt to hide itself.