- I use this cheap Android tablet more than my iPad Pro - and it costs a fraction of the price
- One of my favorite budget tablets this year managed to be replace both my Kindle and iPad
- Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP
- How to detect this infamous NSO spyware on your phone for just $1
- I let my 8-year-old test this Android phone for kids. Here's what you should know before buying
Skype, Google Meet, and Zoom Used in New Trojan Scam Campaign
A threat actor has been distributing remote access Trojans (RATs) on Android and Windows operating systems using online meeting lures, according to cloud security provider Zscaler.
This campaign has been ongoing since at least December 2023, observed Zscaler’s threat intelligence team, ThreatLabz.
The distributed RATs include Android-focused SpyNote RAT and Windows-focused NjRAT and DCRat.
Malicious APKs and BAT Files Leading to RAT Payloads
To lure its victims into downloading the RATs, the threat actor created several fake online meeting sites, impersonating brands like Microsoft-owned Skype, Google Meet and Zoom.
“All of the fake sites were in Russian,” noted Zscaler ThreatLabz researchers.
The attacker utilized shared web hosting services to host all these websites on a single IP address. The first one was created in early December 2023 with a URL that resembles the legitimate Skype URL.
When a user visits one of the fake sites, clicking on the Android button initiates the download of a malicious APK file, while clicking on the Windows button triggers the download of a BAT file, a script in Windows that automates tasks. When executed, this BAT file performs additional actions, ultimately leading to the download of a RAT payload.
In some cases, an Apple App Store button is also available. However, this button redirects to https://go.skype.com/skype.download.for.phone.iphone, indicating that the threat actor was not targeting iOS users with malware.
The three RATs hosted by the threat actor, SpyNote RAT, NjRAT and DCRat, can steal confidential information and files and log keystrokes.