Hackers are, once again, impersonating major tech brands to trick people into downloading malware to their computers, experts have warned.
Cybersecurity researchers from Zscaler ThreatLabz recently discovered a new campaign in which unidentified threat actors created a number of websites whose URLs are almost identical to those of actual websites belonging to the likes of Google, Skype, and Zoom.
This method is also known as “typosquatting”, and relies on the fact that many people won’t spot a “typo” in the URL, and will believe they’re on the legitimate website instead of a malicious one.
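As an added illustration (not part of the original report), the Python sketch below shows one way a defender could flag hostnames that imitate a protected brand, which is the confusion typosquatting depends on. The brand allowlist, the homoglyph map and the `.example` hostnames in the usage are constructed assumptions, and the registrable domain is approximated as the last two labels.

```python
# Added example: flag hostnames that imitate a protected brand but are not
# on that brand's allowlist. Brand names come from the article; the
# allowlisted domains and the substitution map are assumptions.
BRANDS = {
    "google": {"google.com"},
    "skype": {"skype.com"},
    "zoom": {"zoom.us", "zoom.com"},
}
# Common visual substitutions seen in lookalike names (digits for letters).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Naive registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(host: str, max_distance: int = 1):
    """Return the imitated brand, or None if the host is genuine or unrelated."""
    host = host.lower().rstrip(".")
    domain = registrable(host)
    if any(domain in legit for legit in BRANDS.values()):
        return None  # the genuine domain or one of its subdomains
    # Split labels on hyphens so names like "g00gle-meet" are covered;
    # the TLD label is skipped.
    tokens = [t for label in host.split(".")[:-1] for t in label.split("-") if t]
    for token in tokens:
        norm = token.translate(HOMOGLYPHS).replace("rn", "m")
        for brand in BRANDS:
            if brand in norm or edit_distance(norm, brand) <= max_distance:
                return brand
    return None
```

A distance threshold of 1 on short names such as "zoom" also matches ordinary words like "room", so hits from a check like this are triage candidates for review rather than verdicts.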
Websites in Russian
The websites pretend to host video conferencing software, such as Google Meet and the like. The sites offer download links for Windows, Android, and iOS. However, while the iOS link doesn’t do anything malicious (it redirects users to the actual product), the Android and Windows links deliver malware. For Android, it’s nothing more than an APK, but for Windows, it initiates the download of a batch script.
That batch script executes a PowerShell script, which downloads and runs one of a few remote access trojans (RATs) observed in the campaign: SpyNote RAT (Android), NjRAT, or DCRat (Windows).
The campaign has been active since December 2023, with the researchers adding that the spoofed sites are in Russian, indicating that the threat actors are either Russian themselves, or simply targeting Russian users.
“The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows systems,” they added.
The RATs can be used for a wide variety of malicious activities, from stealing sensitive information from the devices, to logging keystrokes, and exfiltrating files. How these websites are being promoted is unknown, but it’s safe to assume that there’s a phishing campaign active somewhere on the internet, and that the sites are being actively promoted on social media and various online forums.
Via TheHackerNews