{"id":47432,"date":"2026-03-02T08:18:03","date_gmt":"2026-03-02T01:18:03","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47432"},"modified":"2026-03-04T08:19:06","modified_gmt":"2026-03-04T01:19:06","slug":"12-ngay-1-437-may-windows-bi-cai-cong-cu-giam-sat-tu-trang-zoom-gia-mao","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/12-ngay-1-437-may-windows-bi-cai-cong-cu-giam-sat-tu-trang-zoom-gia-mao\/","title":{"rendered":"12 days, 1,437 Windows machines implanted with a monitoring tool from a fake Zoom page"},"content":{"rendered":"<div>In just 12 days, a website impersonating a Zoom update page quietly turned 1,437 Windows computers into remote surveillance tools. Rather than exploiting a complex vulnerability, the attackers took advantage of user psychology and a legitimate software product to plant a monitoring agent that runs completely hidden, with no icon, no warning, and almost no obvious trace.<br \/>\n<\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"zoom.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/zoom-png.18510\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"zoom.png\" src=\"https:\/\/whitehat.vn\/attachments\/zoom-png.18510\/\" alt=\"zoom.png\" width=\"700\" height=\"390\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<div>\nThe campaign was detected on 11 February 2026 on the Microsoft Defender for Endpoint platform. 
Instead of using custom-developed malware, the attackers deployed an illicitly configured build of Teramind, a legitimate commercial employee-monitoring tool. Teramind has confirmed that it is not involved and did not authorize the use of its software in this activity.<\/p>\n<p>The attack begins when the victim visits the page uswebzoomus[.]com\/zoom\/, which is designed to look exactly like a Zoom waiting room. As soon as the page finishes loading, the system silently sends a signal to a server controlled by the attackers. Three fake participants, \u201cMatthew Karlsson\u201d, \u201cJames Whitmore\u201d and \u201cSarah Chen\u201d, appear one after another, accompanied by the familiar notification sound and a looping conversation in the background to create a sense of authenticity.<\/p>\n<p>This scenario only triggers on real user interaction. Automated scanning systems that do not click will record no signs of anything abnormal. 
According to an analysis by Malwarebytes published on 24 February 2026, the campaign is built around psychological manipulation rather than highly complex techniques.<\/p>\n<p>In the fake call interface, a \u201cNetwork Issue\u201d notice is permanently displayed to give the impression of a connection error. Stuttering audio and frozen video lead the user to believe the application is malfunctioning. About 10 seconds later, a pop-up window appears reading \u201cUpdate Available\u201d, with a 5-second countdown and no option to close it.<\/p>\n<p>When the countdown ends, the browser automatically downloads a malicious installer. At the same time, the site displays a fake Microsoft Store screen showing \u201cZoom Workplace\u201d being installed as a distraction, while the real file has already appeared in the Downloads folder without any security warning.<\/p>\n<p>The file zoom_agent_x64_s-i(__941afee582cc71135202939296679e229dd7cced)(1).msi has the SHA-256 hash 644ef9f5eea1d6a2bc39a62627ee3c7114a14e7050bafab8a76b9aa8069425fa. 
At the time of discovery, Microsoft Defender had not yet flagged this file on VirusTotal, leaving users without a clear risk signal.<br \/>\n<\/p><\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"Anh-whitehat-vn.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/anh-whitehat-vn-png.18511\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"Anh-whitehat-vn.png\" src=\"https:\/\/whitehat.vn\/attachments\/anh-whitehat-vn-png.18511\/\" alt=\"Anh-whitehat-vn.png\" width=\"603\" height=\"335\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<div>\nWhat is worrying is the method of deployment. The attackers did not need to develop new malware; they abused Teramind's hidden-installation option to turn a legitimate product into a covert surveillance tool. This build runs entirely in the background, with no taskbar icon, no system tray entry, and no entry in the list of installed programs.<\/p>\n<p>Information inside the installer package shows that it was built in stealth mode, as indicated by the out_stealth directory in the build structure. 
After being executed through Windows Installer, the agent collects the machine name, the active user account, the keyboard language and the system locale settings, then sends the data to a Teramind server controlled by the attackers.<\/p>\n<p>The agent binary is named dwm.exe by default and is installed into the directory C:\\ProgramData{4CEC2908-5CE4-48F0-A717-8FC833D8017A}. The installer also includes a mechanism for detecting analysis environments such as sandboxes, using debug environment detection. If it suspects it is being observed, it can change its behavior to evade security tools. Once installation completes, temporary files are deleted to reduce traces.<\/p>\n<p>The agent continues to run silently, logging keystrokes, capturing screenshots, and monitoring web activity, the clipboard and transferred files. 
Because it is a component of a legitimate commercial product, many signature-based antivirus solutions may not treat it as malware.<\/p>\n<p>Given the risk of silent, hard-to-detect infection, administrators should proactively add the SHA-256 hash and the domain uswebzoomus[.]com to their blocklists. Users who visited the fake page should not open the downloaded file. If the installer has already been run, the device must be treated as compromised. Check for the hidden directory in C:\\ProgramData, verify whether the tsvchst service is running, and change all passwords from a clean device. 
Work-related incidents must be reported immediately to the IT or security team.<\/p>\n<p>As a precaution, users should open Zoom from the already-installed application, type zoom.us into the browser themselves, and be wary of any unexpected meeting link before clicking it.<br \/>\n<\/p><\/div>\n<div><b><i>According to Cyber Security News<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"<p>In just 12 days, a website impersonating a Zoom update page quietly turned 1,437 Windows computers into remote surveillance tools. Rather than exploiting a complex vulnerability, the attackers took advantage of user psychology and a legitimate software product to plant a monitoring 
[&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47433,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47432","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47432"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47432\/revisions"}],"predecessor-version":[{"id":47434,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47432\/revisions\/47434"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47433"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}