Beware! A Fake Zoom Installer Drops BlackSuit Ransomware on Your Windows Systems
gbhackers
Cybersecurity analysts have uncovered a sophisticated campaign exploiting a fake Zoom installer to deliver BlackSuit ransomware across Windows-based systems.
The attack, documented by DFIR experts, highlights how threat actors are leveraging popular software to deceive unsuspecting victims into installing malware capable of crippling entire networks.
The Fake Zoom Installer
The malicious activity began with a website mimicking Zoom’s legitimate domain, enticing users to download a file named “Zoom_v_2.00.4.exe.”

This website, cleverly crafted to resemble the legitimate Zoom interface, fooled users into believing they were downloading the popular teleconferencing software.
Behind the scenes, however, the installer functioned as a delivery mechanism for a multi-stage malware attack chain.
The fake installer was built using Inno Setup, a legitimate installer creation tool. Its payload included “d3f@ckloader,” a sophisticated downloader written in the Pascal scripting language.
Upon execution, the malicious code leveraged multiple stages ...
Copyright of this story solely belongs to gbhackers.