Analyzing a Zoom(link) hack:

Once in awhile a service may get compromised script or item in it – in a recent case, a Zoom link will actually take you to some random site as part of some sort of adware campaign??? However a closer look shows it is very important to test your links on email or sites:

The link I saw recently actually had a very odd looking script – script in a production service is generally minified sometimes, but won’t be oddly obfuscated or base64-encoded. The suspicious part of this script starts out in the <body> with an odd looking launchBase64:

Continue reading “Analyzing a Zoom(link) hack:”