RATs Spread Via Fake Skype, Zoom, Google Meet Sites

Cybersecurity researchers have uncovered a new cyber-threat involving fraudulent Skype, Google Meet and Zoom websites aimed at spreading malware. 

The campaign, uncovered in December 2023 by Zscaler’s ThreatLabz, saw perpetrators distributing the SpyNote remote access Trojan (RAT) to Android users and NjRAT and DCRat to Windows users. These malicious URLs and files were identified on fake online meeting websites, posing significant risks to users.

The attackers used shared web hosting, with all of the fake meeting sites, all of them in Russian, hosted on a single IP address. The fake sites closely mimicked genuine platforms, making them more convincing to unsuspecting users.

“When a user visits one of the fake sites, clicking on the Android button initiates the download of a malicious APK file, while clicking on the Windows button triggers the download of a BAT file,” reads the advisory published by Zscaler on Tuesday. “The BAT file, when executed, performs additional actions, ultimately leading to the download of a RAT payload.”

The first fraudulent site, join-skype[.]info, targeted Skype users with a fake application download. Similarly, a fake Google Meet site, online-cloudmeeting[.]pro, and a fake Zoom site, us06webzoomus[.]pro, were created to deceive users into downloading malware-laden files.
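For defenders, the three domains and the two download types described above can be checked against web proxy logs. The following is an added example, not code from Zscaler's advisory; the log line layout, client addresses, paths and file names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Domains named in the article, kept defanged as published and refanged at load time.
DEFANGED_DOMAINS = ["join-skype[.]info", "online-cloudmeeting[.]pro", "us06webzoomus[.]pro"]
# File types the article says the fake sites serve: APK (Android), BAT (Windows).
DROPPER_EXTENSIONS = (".apk", ".bat")

def refang(indicator):
    """Turn a defanged domain ("[.]") back into a matchable hostname."""
    return indicator.replace("[.]", ".").lower()

BAD_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}

def classify(url):
    """Return 'dropper-download', 'site-visit' or None for one requested URL."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    # Match the domain itself or a subdomain, never a mere substring.
    if not any(host == d or host.endswith("." + d) for d in BAD_DOMAINS):
        return None
    if parts.path.lower().endswith(DROPPER_EXTENSIONS):
        return "dropper-download"
    return "site-visit"

def scan(log_lines):
    """Yield (client, url, verdict) for lines shaped 'timestamp client method url status'."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed or truncated lines
        verdict = classify(fields[3])
        if verdict:
            yield fields[1], fields[3], verdict

# Constructed sample proxy log; clients, paths and file names are made up.
SAMPLE_LOG = [
    "2024-03-06T09:12:01Z 10.0.0.14 GET http://join-skype.info/ 200",
    "2024-03-06T09:12:09Z 10.0.0.14 GET http://JOIN-SKYPE.info/files/setup.bat 200",
    "2024-03-06T09:15:40Z 10.0.0.22 GET https://us06webzoomus.pro/dl/app.APK?x=1 200",
    "2024-03-06T09:16:02Z 10.0.0.31 GET https://join-skype.info.example.org/a.bat 200",
    "2024-03-06T09:17:30Z 10.0.0.31 GET https://notonline-cloudmeeting.pro/ 200",
    "truncated line",
]

if __name__ == "__main__":
    for client, url, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:17} {client:10} {url}")
```

A "dropper-download" hit on a Windows client is the one to triage first, since the article says the BAT file goes on to fetch the RAT payload.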

Zscaler said its sandbox played a crucial role in investigating these malicious campaigns by analyzing file behavior, identifying threat scores and pinpointing specific attack techniques. The platform detected payloads associated with various threat names, reinforcing the significance of comprehensive security protocols.

According to the company, the malicious campaigns underscore the evolving landscape of cybersecurity threats, highlighting the importance of robust security measures. 

“Our research demonstrates that businesses may be subject to threats that impersonate online meeting applications,” the advisory explained. “As cyber threats continue to evolve and become increasingly complex, it is critical to remain alert and take proactive measures to protect against them.”
