Cybersecurity researchers have uncovered a new cyber-threat involving fraudulent Skype, Google Meet and Zoom websites aimed at spreading malware.
The campaign, uncovered in December 2023 by Zscaler’s ThreatLabz, saw perpetrators distributing the SpyNote remote access Trojan (RAT) to Android users and NjRAT and DCRat to Windows users. These malicious URLs and files were identified on fake online meeting websites, posing significant risks to users.
The attackers used shared web hosting, housing all fake meeting sites on a single IP address, all in Russian. The fake sites closely mimicked genuine platforms, making them more convincing to unsuspecting users.
“When a user visits one of the fake sites, clicking on the Android button initiates the download of a malicious APK file, while clicking on the Windows button triggers the download of a BAT file,” reads the advisory published by Zscaler on Tuesday. “The BAT file, when executed, performs additional actions, ultimately leading to the download of a RAT payload.”
The first fraudulent site, join-skype[.]information, targeted Skype users with a fake application download. Similarly, a fake Google Meet site, online-cloudmeeting[.]professional, and a fake Zoom site, us06webzoomus[.]professional, were created to deceive users into downloading malware-laden files.
Zscaler said its sandbox played a crucial role in the investigation of these malicious campaigns, analyzing file behavior, determining threat scores and pinpointing specific attack techniques. The platform detected payloads associated with various threat names, reinforcing the significance of comprehensive security protocols.
According to the company, the malicious campaigns underscore the evolving landscape of cybersecurity threats, highlighting the importance of robust security measures.
“Our research demonstrates that businesses may be subject to threats that impersonate online meeting applications,” the advisory explained. “As cyber threats continue to evolve and become increasingly complex, it’s essential to remain alert and take proactive measures to protect against them.”