Skip to main

Woburn, MA – February 1, 2021 – As the pandemic continues and schools experience renewed closures or use hybrid models of in-person and remote, the education sector is attracting the attention of cybercriminals. From July to December 2020, 270,171 users encountered threats disguised as popular learning platforms, an increase of 60%, compared to the first half of the year.

Last spring, more than 1 billion schoolchildren around the globe were affected by school closures as countries attempted to slow rising infection rates. For many, that meant a switch to emergency remote learning. The transition left many students and educators vulnerable to cyber risks.

Now, schools around the globe are once again closing as countries fight a resurgence in infections. This has led to more undesirable consequences online.

From January to June 2020, the total number of users who encountered threats distributed under the guise of popular online learning platforms or video conferencing applications was 168,550, a 20,455% increase compared to the same period in 2019. This number continued to grow from July to December. In January 2021, the number of users encountering such threats reached 270,171, a 60% increase compared to the first half of 2020.


Comparison of users encountering various threats disguised as popular online learning/video conferencing platforms January-June 2020 vs July-December 2020

The most popular lure was, by far, Zoom. This is not surprising, given that Zoom is the most popular platform for virtual meetings, with more than 300 million daily meeting participants. The second most popular was Moodle, followed by Google Meet. The number of users who encountered threats disguised as popular online learning/video conference platforms increased for all but one platform; Google Classroom.

About 98% of the threats encountered were in the not-a-virus category, which is divided into riskware and adware. Adware bombards users with unwanted ads, while riskware consists of various files – from browser bars and download managers to remote administration tools – that may carry out various actions on your computer without your consent. Trojans made up roughly 1% of the threats encountered.

Users typically encounter threats disguised as popular video meeting apps and online course platforms through fake application installers, which they may encounter on unofficial websites designed to look like the original platforms or emails disguised as special offers or notifications from the platform.

“Unfortunately, until all students are back in the classroom full-time, educational institutions will continue to be a popular target for criminals, particularly since this sector has traditionally not prioritized its cybersecurity,” said Anton Ivanov, security expert at Kaspersky. “However, the pandemic has made it clear that this has to change, especially since technology is increasingly being incorporated in the classroom—virtual learning or not.”

To help educators and their students stay secure when using digital tools in the classroom, Kaspersky has put together a variety of resources, including an online course that teaches cybersecurity best practices. You can explore the toolkit here:

For more on the cyber risks of the online classroom, you can read the full report on Securelist.

To stay safe from malware and other threats disguised as video conferencing apps and online learning platforms:

  • Do not download any unofficial versions or modifications of these applications. Look for information about the developer and choose the official app stores.
  • Use different, strong passwords for each of your accounts. You do not need to remember them all if you use a solution like Kaspersky Password Managerthat generates and secures unique passwords.
  • Always make sure you are on the official company website before proceeding to download anything to your device. Fake websites may look just like the real thing, so you should always double-check the URL format and spelling of the company name before you download anything.
  • Use a reliable security solution like Kaspersky Security Cloud that delivers advanced protection on all your devices.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at

Media Contact

Sawyer Van Horn

(781) 503-1866

Threats disguised as popular online learning platforms on the rise

Kaspersky Logo