New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs
Cybersecurity researchers at Sublime Security uncovered a sophisticated phishing scam using fake, interactive JavaScript-based Zoom meeting invites to trick Windows users into downloading ScreenConnect malware. The attack spoofs legitimate Zoom emails and waiting rooms, simulating a real meeting with fake participants and technical issues to convince victims a software update is needed, ultimately granting attackers remote control of compromised machines.
Summary
Cybersecurity researchers at Sublime Security uncovered a sophisticated phishing scam using fake, interactive JavaScript-based Zoom meeting invites to trick Windows users into downloading ScreenConnect malware. The attack spoofs legitimate Zoom emails and waiting rooms, simulating a real meeting with fake participants and technical issues to convince victims a software update is needed, ultimately granting attackers remote control of compromised machines.
Full text
Security MalwareNew Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs Cybersecurity researchers at Sublime Security have discovered a new scam that uses realistic, interactive JavaScript-based Zoom meeting invites to trick users into installing malware. byDeeba AhmedMarch 20, 20262 minute read In a world where many of us move constantly from one video call to the next, a clever new trick is being used to break into home and office computers. Researchers from Sublime Security recently reported a scam that uses a very realistic, but entirely fake, Zoom meeting to trick people into downloading malware. The attack usually begins with a simple email that looks exactly like a standard Zoom invitation, featuring a large button to start the meeting. However, instead of going to the official Zoom website, it launches a series of fake security checks. Zoom invite (Source: Sublime Security) A scripted waiting room Researchers explained that after the user passes a spoofed security test, a screen appears that looks exactly like a Zoom waiting room, even showing how long the meeting is supposed to last and how many people are already there. If the person is using a Windows computer, the scam continues; it stops when it detects a system such as an Apple Mac. According to Sublime Security’s blog post, shared with Hackread.com, the most surprising part is what happens after you click join. Instead of a real call, the browser runs JavaScript to create a live, interactive simulation of a meeting. This allows scammers to include fictitious participants such as Matthew Karlsson and Sarah Chen. To make it feel real, the script even triggers choppy audio and warnings about a Network Issue, but this is just a trick to make the user believe their software is glitching and needs a fix. Spoofed security check and fake meeting joining prompt (Source: Sublime Security) The trap is set Software updates, as we know them, are a regular part of digital life; therefore, when a pop-up appears during this fake call saying “Update Available,” many do not think twice. The site then redirects to a fake Microsoft Store page to download the file. However, this file actually installs a tool called ScreenConnect. While this is a real tool used by IT departments to help people remotely, in this case, it is set up to give the attackers complete control over the victim’s computer. Researchers highlighted several clues that indicate the invite was a fake. For instance, the emails came from a standard Gmail address rather than an official company account, and the website address for the meeting was entirely unrelated to Zoom. A growing trend of platform abuse “Zoom abuse and impersonation have become popular lure tactics for attackers,” Sublime researchers noted, adding that this latest attempt stood out because of the extreme lengths the hackers went to fool people. Previous coverage from Hackread.com has also noticed a pattern of hackers exploiting the Zoom platform. We’ve reported similar campaigns in March 2026, where hackers used convincing clones of waiting rooms and fake certificates to deploy stealthy employee monitoring tools that log keystrokes and record screens. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts CybersecurityFraudMalwarePhishingScamSublime SecurityWindowsZoom Leave a Reply Cancel reply View Comments (0) Related Posts Security Change.org sends password reset email after CloudBleed bug Change.org, a famous online petition website is sending emails to its registered petitioners encouraging them to change their… byWaqas News Hacking News Security LastPass: Hackers Stole User Data and Encrypted Password Vaults It turns out that hackers stole much more than just the source code from LastPass. byDeeba Ahmed Read More Security Phishing Scam 99% of UAE’s .ae Domains Exposed to Phishing and Spoofing Only 1.11% of UAE's 37,926 .ae domains have implemented DMARC, leaving most vulnerable to phishing and and spoofing attacks. byWaqas Leaks Security Baby clothing giant Carter’s exposed trove of shoppers data Carter’s failure to implement proper authentication protocols on the store’s parcel tracking pages exposed data and shoppers to scams. byWaqas
Indicators of Compromise
- malware — ScreenConnect