A Malware Disguised as Zoom Targets macOS Users

Stealth

A new malware disguised as Zoom is currently targeting macOS users who are not sufficiently cautious.

Although macOS users are often considered less exposed to cyberattacks than Windows users, the reality is that cyber threats do not completely bypass them. A new virus, disguised as a fake Zoom plugin, has started targeting Mac users, using techniques to trick them and infiltrate their systems.

A user reported being the target of two attack attempts through a link that appeared to download a legitimate Zoom plugin. In reality, this link directed users to a malicious script that installed an executable file on macOS, infecting the device.

Alex “Jay” Bălan, a cybersecurity expert, analyzed the link and discovered that it executes a Base64-obfuscated bash script. This script copies a hidden file (.Zoom) into a temporary folder on the victim's system and runs it. Particularly alarming is the fact that only 2 out of 23 antivirus programs detected this threat, suggesting it is quite sophisticated.
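The script pattern described above (a Base64 blob decoded and piped to bash, which drops and runs a hidden file in a temporary folder) can be reviewed statically before anything is run. The following is an added example, not code from the analysis or from the original article; the indicator patterns, the length threshold and the sample script are constructed assumptions.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hold a command (threshold is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

# Heuristics for the behaviour described in the article; patterns are illustrative.
INDICATORS = {
    "decode_piped_to_shell": re.compile(r"base64\s+(-d|-D|--decode)\b[^\n]*\|\s*(ba|z)?sh\b"),
    "hidden_file_in_temp": re.compile(r"(/tmp|/private/tmp|/var/tmp|\$TMPDIR)/\.[\w.-]+"),
    "marks_file_executable": re.compile(r"\bchmod\s+\S*(\+x|7[0-7]{2})"),
}

def decode_blobs(text):
    """Return readable text recovered from base64 runs; nothing is executed."""
    out = []
    for run in B64_RUN.findall(text):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            decoded = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64, or binary content: skip it
        if all(c.isprintable() or c.isspace() for c in decoded):
            out.append(decoded)
    return out

def triage(script_text):
    """Check the script and each decoded layer (up to 3 deep) for indicators."""
    findings, layers = set(), [script_text]
    for _ in range(3):
        next_layers = []
        for layer in layers:
            findings.update(n for n, rx in INDICATORS.items() if rx.search(layer))
            next_layers.extend(decode_blobs(layer))
        layers = next_layers
    return sorted(findings)

# Constructed sample that mirrors the described behaviour; not the real script.
INNER = "cp ./.Zoom /tmp/.Zoom && chmod +x /tmp/.Zoom && /tmp/.Zoom"
SAMPLE = 'echo "%s" | base64 -d | bash\n' % base64.b64encode(INNER.encode()).decode()
BENIGN = "#!/bin/bash\nbrew update && brew upgrade\n"

if __name__ == "__main__":
    print(triage(SAMPLE))
    for layer in decode_blobs(SAMPLE):
        print("decoded layer:", layer)
```

Reading the decoded layer shows what a pasted command would actually do, which is the check the Terminal advice further down depends on.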

Malware Applications for Mac Can Affect a Large Number of Users

One concerning aspect highlighted by this attack is the attitude of many Mac users toward cybersecurity. Unlike Windows users, who are accustomed to using antivirus and anti-malware solutions, macOS users often rely solely on the system's built-in security measures. This excessive confidence can make them vulnerable to sophisticated attacks that bypass traditional protection mechanisms.

This is precisely what the malware disguised as Zoom exploits—the lack of antivirus/anti-malware protection and the naivety of users who download applications from dubious links and execute commands in the Terminal utility without understanding what they do or their purpose.

How to Protect Yourself from This Malware Disguised as Zoom and Other Cyber Attacks on macOS

First, always verify the source before downloading applications or plugins. Even seemingly legitimate software can hide threats. With careful analysis, a user can determine whether the website they are downloading the application from is legitimate. In this case, the malware disguised as Zoom is downloaded from a suspicious website that starts with "zoom" to mislead users.


Do not drag and execute unknown files in Terminal. This is a common trick used by attackers to bypass macOS security measures. The Terminal utility can execute command lines and scripts that can either bypass or disable macOS security protections.


Use updated security software. Even though many threats initially go undetected, frequent updates to antivirus and anti-malware applications can increase the chances of protection.

Keep your operating system and applications updated. Security patches released by Apple can block vulnerabilities exploited by attackers.


Install applications from trusted sources. Preferably, use the App Store for installing macOS applications or trusted websites of developers who digitally sign their apps.

Regarding this malware disguised as Zoom, analysts continue to study it, and investigations are ongoing. In the meantime, it is important to remain vigilant and adopt stricter security practices, regardless of the platform we use. This incident is yet another wake-up call that macOS users are not immune to cyberattacks.
