Be wary of Zoom, Google Docs and Box links sent to you, warns cybersecurity specialist Varonis. A report unveiled this Wednesday, May 11, which CNEWS was able to consult in advance, warns of a new URL “spoofing” technique used to share phishing links.
In it, US researchers from Varonis Threat Labs say they have discovered bugs that “allow any malicious actor to modify vanity URLs [that is, a web address designed to be easy to read and type] so that the phishing links appear to come from a trusted company”.
In concrete terms, cybercriminals can generate short addresses, such as “app.example.com/s/1234”, that appear to link to the Zoom, Google Docs and Box platforms and invite the recipient to join a videoconference or share documents online. The problem is that these links can lead to malware, or to pages that ask for personal or professional credentials (login and password) in order to steal them. With this type of privilege, an attacker can then display a well-known domain name to gain the trust of an Internet user, who will be less suspicious when it comes to clicking on it.
Varonis thus demonstrated that it was possible, in particular, to attach a malicious .pdf document to a link. On Zoom, the technique even allowed researchers to create a webinar with a registration and access system that goes under the radar of cybersecurity platforms, and to add any official logo to it to further fool users. In a demonstration video (at the beginning of the article), Varonis showed, for example, how it was possible to create a chat room on Zoom with a link called “apple.zoom.us” and add the famous Apple logo.
A serious threat
Varonis therefore recommends being particularly vigilant before clicking on a Zoom link to access a meeting. The researchers specify that Zoom teams are currently working on a solution to resolve the problem.
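One way a mail or chat gateway could apply that vigilance automatically is sketched below. It is an added example, not code from Varonis or CNEWS, and it covers only the subdomain form shown in the “apple.zoom.us” demonstration; the approved label `acme`, the function names and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Platforms whose links can carry a customer-chosen (vanity) subdomain.
# zoom.us is taken from the article's "apple.zoom.us" example; extend as needed.
VANITY_PLATFORMS = {"zoom.us"}

# Assumption: the subdomains your organisation really uses on each platform.
# Any platform-operated hostnames your users legitimately receive must be
# listed here too, otherwise they are reported as unapproved.
APPROVED_LABELS = {"zoom.us": {"acme"}}

def classify_link(url, platforms=VANITY_PLATFORMS, approved=APPROVED_LABELS):
    """Return 'not-platform', 'no-vanity', 'approved', 'unapproved-vanity'
    or 'unparseable' for a single link."""
    try:
        # Links pasted without a scheme would otherwise parse as a bare path.
        parts = urlsplit(url if "://" in url else "https://" + url)
    except ValueError:
        return "unparseable"
    host = (parts.hostname or "").rstrip(".").lower()
    for base in platforms:
        if host == base:
            return "no-vanity"
        # Match on a dot boundary so "notzoom.us" is not treated as zoom.us.
        if host.endswith("." + base):
            label = host[: -len(base) - 1]
            if label in approved.get(base, set()):
                return "approved"
            return "unapproved-vanity"
    return "not-platform"

def flag_links(urls):
    """Return the links whose vanity subdomain is not on the approved list."""
    return [u for u in urls if classify_link(u) == "unapproved-vanity"]

# Constructed sample links, as they might be extracted from an inbound message.
SAMPLE_LINKS = [
    "https://acme.zoom.us/j/1234",   # the organisation's own vanity subdomain
    "https://apple.zoom.us/j/1234",  # third-party brand used as the subdomain
    "https://zoom.us/j/1234",        # platform domain with no vanity label
    "app.example.com/s/1234",        # not one of the configured platforms
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):18} {link}")
```

A flagged link is not proof of phishing; it only means the brand shown in the subdomain is not one the organisation has vouched for and the destination deserves a closer look.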
The problem also concerns Google Docs, a service for sharing online documents in the cloud so that, for example, several collaborators can work on the same shared file. Again, Varonis explained that it was possible to hijack Google Docs links to get a user to hand over the credentials used to access them. It is a bug that Google itself has acknowledged and is working to fix.