Zoom Video Communications Inc. continues to surge in popularity during the COVID-19 pandemic even as yet another security vulnerability has been revealed.

Chief Executive Officer Eric Yuan revealed during a webinar on April 22 that the company now has more than 300 million daily users, up 50% from 200 million users it had at the beginning of the month.

“Clearly, the Zoom platform is providing an incredibly valuable service to our beloved users during this challenging time,” Yuan said. “We are thrilled and honored to continue to earn the trust of so many enterprises, hospitals, teachers and customers throughout the world.”

Zoom has been the No. 1 app of the pandemic, with millions using the videoconferencing service as they’re forced to work from home. After surging to the top of app charts in March, Zoom still remains at the top on both iOS and Android, according to data from App Annie.

With that popularity has come increased scrutiny over its security and Zoom has struggled. Various security vulnerabilities have been uncovered and there’s yet a new one.

Detailed Wednesday by Daniel Petrillo at Morphisec Technologies Ltd., the newly discovered vulnerability in the Zoom app allows potential attackers to record Zoom sessions and capture text chats without the knowledge of meeting participants.

“The trigger (evading detection) is a malware that injects its code into a Zoom process without any interaction of the user and even if the host did not enable the participant to record,” Petrillo explains. “When recording in this way, none of the participants are notified that the session is being recorded while the malware fully controls the output.”

Petrillo noted that this works on the latest version of Zoom with antivirus and security features turned on. That said, Zoom did announce the new 5.0 version of its client and app Wednestday. Whether the vulnerability exploited by the malware is present in the new version is unknown. Petrillo noted that Morphisec has informed Zoom of the vulnerability.

Zoom has doubled down on addressing security issues. The company announced April 2 that it was freezing feature development for 90 days to focus on enhancing security and privacy for users.

Photo: Zoom