Android/data//files/Download/zoom.apkĪs expected, the vast majority of these binaries are generically saved to the Download folder. A simple query in our threat intelligence repository shows the following file paths and binary occurrences for official Zoom binaries. So, how can we know whether an APK is installed from a third-party or from a sanctioned market? The answer is simple: we look at the file paths of specific scanned binaries that have the fingerprints of known Zoom APK versions. We can only extrapolate from this that people are confused as to where to download Zoom, so they resort to Google searches which might take them to third-party markets or other unofficial (read risky and questionable) distribution points. Europe third-party Zoom downloads for the past 3 weeks
