RATs Spread Via Fake Skype, Zoom, Google Meet Sites
Cybersecurity researchers have uncovered a new cyber-threat involving fraudulent Skype, Google Meet and Zoom websites aimed at spreading malware.
The campaign, uncovered in December 2023 by Zscaler’s ThreatLabz, saw perpetrators distributing the SpyNote remote access Trojan (RAT) to Android users and NjRAT and DCRat to Windows users. These malicious URLs and files were identified on fake online meeting websites, posing significant risks to users.
The attackers used shared web hosting, placing all of the fake meeting sites on a single IP address. All of the sites were in Russian. They closely mimicked the genuine platforms, making them more convincing to unsuspecting users.
“When a user visits one of the fake sites, clicking on the Android button initiates the download of a malicious APK file, while clicking on the Windows button triggers the download of a BAT file,” reads the advisory published by Zscaler on Tuesday. “The BAT file, when executed, performs additional actions, ultimately leading to the download of a RAT payload.”
The first fraudulent site, join-skype[.]info, targeted Skype users with a fake application download. Similarly, a fake Google Meet site, online-cloudmeeting[.]pro, and a fake Zoom site, us06webzoomus[.]pro, were created to deceive users into downloading malware-laden files.
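The delivery pattern described above (a meeting-brand lookalike host serving an APK or BAT file) can be hunted for in web proxy logs. The following sketch is an added example, not code from Zscaler's advisory; the log format, file paths, client addresses and the allowlist of official domains are assumptions, and only the three defanged hostnames come from the article.

```python
from urllib.parse import urlsplit

# Brand keyword -> domains treated as official (assumed allowlist; extend locally).
BRANDS = {"skype": {"skype.com"}, "zoom": {"zoom.us"}, "meet": {"google.com"}}
RISKY_EXT = (".apk", ".bat")  # the two download types named in the advisory

# Constructed proxy log: timestamp client method url status. Paths are made up.
SAMPLE_LOG = """\
2023-12-05T10:01:02Z 10.0.0.15 GET hxxps://join-skype[.]info/constructed/installer.bat 200
2023-12-05T10:03:40Z 10.0.0.22 GET hxxps://us06webzoomus[.]pro/constructed/client.apk 200
2023-12-05T10:04:11Z 10.0.0.22 GET https://us06web.zoom.us/constructed/file.apk 200
2023-12-05T10:05:00Z 10.0.0.31 GET hxxps://online-cloudmeeting[.]pro/constructed/app.apk 200
2023-12-05T10:06:00Z 10.0.0.31 GET https://meet.google.com/constructed-room 200
2023-12-05T10:07:00Z 10.0.0.40 GET https://example.org/tools/build.bat 200
""".splitlines()

def refang(url):
    """Undo defanging (hxxp, [.]) so the URL can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)

def is_official(host, domains):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(url):
    """Return (host, brand, ext) for a risky download from a lookalike host, else None."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    ext = next((e for e in RISKY_EXT if parts.path.lower().endswith(e)), None)
    if ext is None:
        return None
    for brand, domains in BRANDS.items():
        if brand in host and not is_official(host, domains):
            return host, brand, ext
    return None

def scan(lines):
    """Return (client, defanged host, ext) for each successful flagged download."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or fields[4] != "200":
            continue
        verdict = classify(fields[3])
        if verdict:
            hits.append((fields[1], verdict[0].replace(".", "[.]"), verdict[2]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Substring matching on short keywords such as "meet" will also flag unrelated hosts, so treat hits as triage leads rather than verdicts.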
Zscaler said its sandbox played a crucial role in the investigation of these malicious campaigns, in analyzing file behavior, identifying threat scores and pinpointing specific attack techniques. The platform detected payloads associated with various threat names, reinforcing the significance of comprehensive security protocols.
According to the company, the malicious campaigns underscore the evolving landscape of cybersecurity threats, highlighting the importance of robust security measures.
“Our research demonstrates that businesses may be subject to threats that impersonate online meeting applications,” the advisory explained. “As cyber threats continue to evolve and become increasingly complex, it is critical to remain alert and take proactive measures to protect against them.”