If you thought joining a video meeting was as simple as clicking a link, it’s time to reconsider. Recent research has revealed a campaign known as ‘Zoom Stealer’, which has been surreptitiously impacting more than two million users of Chrome, Firefox, and Edge. This campaign centres on the use of 18 covert browser extensions, all operating in the background to gather details from corporate meetings. Data such as meeting links, topics, descriptions, and, most concerning, embedded passwords are being siphoned off, offering attackers a clear window into discussions that are meant to remain private.
The shift towards widespread remote work has prompted threat actors to adjust their tactics accordingly. Meeting URLs and IDs—which often contain access credentials—have become highly attractive targets. Inadequate management of browser extensions can easily transform a routine project catch-up into a public opportunity for exploitation.
Protecting against these threats starts with regular reviews of your browser extensions and removing any you do not recognise or no longer use. Ensuring your browsers are kept up to date is also vital, as it enables the latest security updates to take effect. Sharing these practices with colleagues is crucial, since a single compromised browser can compromise the security of whole teams. For organisations, taking advantage of centralised IT controls to manage extension deployments adds an extra layer of defence.
The ‘Zoom Stealer’ incident underlines that a forgotten or unchecked extension can be every bit as risky as a weak password. Vigilance with browser security should be routine; every extension installed is given access to meetings, chats, and countless corners of workplace information.
Source: Bleeping Computer
