- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
- I use this cheap Android tablet more than my iPad Pro - and don't regret it
- The LG soundbar made my home audio sound like a theater - even though it's not the newest model
RATs Spread Via Fake Skype, Zoom, Google Meet Sites
Cybersecurity researchers have uncovered a new cyber-threat involving fraudulent Skype, Google Meet and Zoom websites aimed at spreading malware.
The campaign, uncovered in December 2023 by Zscaler’s ThreatLabz, saw perpetrators distributing the SpyNote remote access Trojan (RAT) to Android users and NjRAT and DCRat to Windows users. These malicious URLs and files were identified on fake online meeting websites, posing significant risks to users.
The attackers utilized shared web hosting, housing all fake meeting sites on a single IP address, all in Russian. The fake sites closely mimicked genuine platforms, making them more convincing to unsuspecting users.
“When a user visits one of the fake sites, clicking on the Android button initiates the download of a malicious APK file, while clicking on the Windows button triggers the download of a BAT file,” reads the advisory published by Zscaler on Tuesday. “The BAT file, when executed, performs additional actions, ultimately leading to the download of a RAT payload.”
The first fraudulent site, join-skype[.]info, targeted Skype users with a fake application download. Similarly, a fake Google Meet site, online-cloudmeeting[.]pro, and a fake Zoom site, us06webzoomus[.]pro, were created to deceive users into downloading malware-laden files.
Read more on similar attacks: Konni Campaign Deploys Advanced RAT With UAC Bypass Capabilities
Zscaler said its sandbox played a crucial role in the investigation of these malicious campaigns, in analyzing file behavior, identifying threat scores and pinpointing specific attack techniques. The platform detected payloads associated with various threat names, reinforcing the significance of comprehensive security protocols.
According to the company, the malicious campaigns underscore the evolving landscape of cybersecurity threats, highlighting the importance of robust security measures.
“Our research demonstrates that businesses may be subject to threats that impersonate online meeting applications,” the advisory explained. “As cyber threats continue to evolve and become increasingly complex, it is critical to remain alert and take proactive measures to protect against them.”
