
WebMonitor RAT Malware Found Bundled with Fake Zoom App Installers
Zoom video conferencing software is being used to spread a Remote Access Trojan (RAT). The malware, WebMonitor RAT, hijacks computers and uses them to mine cryptocurrencies. RAT malware is often bundled or zipped with legitimate files to silently infect a device without the user’s knowledge. The harmful bundles circulate on websites, in emails, on social media, and in messaging apps.
Cyber security researchers at TrendMicro found WebMonitor RAT bundled with legitimate Zoom video conferencing app downloaders. WebMonitor is a coinminer RAT used to mine cryptocurrencies on behalf of the hackers. The downloaders containing the RAT are not official files from Zoom or any other legitimate app download sites.

The new remote workforce and online schools have given hackers massive opportunities to steal sensitive data and money from unsuspecting people. Video conferencing apps such as Google Meet, Microsoft Teams, and Zoom have seen a surge in usage. Zoom suffered a myriad of hacks including bombing video calls due to loose security protocols.
Typically, remote workers are set up with company virtual private networks (VPNs) to give them secure tunnels to access corporate resources securely.
READ: Can RAT Malware Infect an iPhone?
The installers bundled with WebMonitor RAT malware do not come from official sources of the Zoom app downloader including the Apple App Store, Google Play. or Zooms website These fake downloaders are circulating online through social media and messaging apps.
A Remote Access Trojan or RAT is a type of malware that lets a hacker control your internet connected device. Once infected with RAT malware, hackers can use your computer like they were sitting in front of it. They can see files, read messages, install more apps, collect usernames and passwords from web browser, and use your device to spread the RAT malware to others. RAT malware can infect computers and smartphones.
Remote access trojan malware is often sent as an email attachment or software download with other files that appear or actually are legitimate.
How to Protect Your Device from Malware
All devices including iPhones are vulnerable to RAT malware. One of the best things you can do to protect your smartphone is to never root your Android device and don’t jailbreak your iPhone. To protect against malicious installers, users should only download Zoom from official app stores – like Google Play and the Apple App store – or from the Zoom website. This doesn’t just apply to Zoom, it’s a cyber security best practice for any software or app download or update.
- Always download software and apps from official sources – like Apple App Store, Google Play, or from the developer’s website.
- Do not download anything from within a game or any other software
- Use a unique password for all online accounts. If you cannot remember a password for each account, use a password manager to help you
- Using the same password and email for multiple online accounts can result in your money being stolen
How to Remove RAT Malware
RAT malware may not appear in the list of running software or hardware. The filename for WebMonitor RAT found on infected systems is Trojan.Win32.MOOZ.THCCABO. The best option is to install and activate security tools to detect malicious. Antivirus apps from McAfee and Webroot are both good options. Read this guide on How to Remove RAT Malware From an Android Phone