It'll do that with any application on the Mac, this is not peculiar to Zoom. The Time Machine backup is, as far as the Finder is concerned, just another volume. It'll prefer applications on the root volume, but it'll launch them from other volumes as well.
So as long as the victim has time machine enabled and had an attack tool on their computer within the TM timeframe… the attacker could at any time re-initiate that tool from the grave? That's a huge security logic hole…
