Zscaler’s ThreatLabz has uncovered a sophisticated campaign by a new threat actor distributing multiple malware families through counterfeit online meeting platforms.

Description

The threat actor targets Android and Windows users by creating fake Skype, Google Meet [1] [2] [3] [4] [5] [6] [7] [8], and Zoom websites to distribute SpyNote RAT [2], NjRAT [1] [2] [3] [4] [5] [6] [7] [8], and DCRat malware [2]. These fraudulent sites closely mimic the legitimate platforms and use URLs that deceive users into downloading malicious files. Android users are prompted to download harmful APK files, while Windows users are led to download BAT files containing RAT payloads.

The fake Skype site distributes Skype8.exe and Skype.apk [5], the fake Google Meet site distributes updateZoom20243001bit.bat and ZoomDirectUpdate.exe containing DCRat [5], and the fake Zoom site distributes Zoom02.apk containing SpyNote RAT [5]. Open directories on the fake Google Meet and Zoom sites also contain additional malicious files named driver.exe and meet.exe [5], which are NjRAT [5]. iOS users were not targeted with malware, as evidenced by the redirection of the Apple App Store button to a legitimate Skype URL [1].

The deployed RATs can steal confidential information and files [1] [2] [3] [4] [5] [6] [7] and log keystrokes [1] [4] [6] [7], emphasizing the need for robust security measures to protect against evolving malware threats [5]. The impersonation of reputable brands like Skype [7], Google Meet [1] [2] [3] [4] [5] [6] [7] [8], and Zoom poses a high risk to user privacy and threatens the trust and reputation of these platforms.

Conclusion

To protect against such threats, it is recommended to double-check URLs [8], verify meeting invitations [8], download software from official sources [2] [8], and use antivirus and anti-malware software [8]. The impacts of these malware campaigns highlight the importance of cybersecurity measures, while the impersonation of trusted brands underscores the need for vigilance and caution in online interactions. Moving forward, organizations and individuals must remain vigilant against evolving threats and implement proactive security measures to safeguard against malicious actors.
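The URL check recommended above can also be run over web proxy logs. The following is an added example, not code from Zscaler or the cited reports: it flags APK, BAT, and EXE downloads from hosts that name one of the three impersonated brands without belonging to that brand's domain. The log format, the sample lines, the `.example` hostnames, and the official-domain allowlist are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains for the three impersonated brands.
OFFICIAL = {"skype": ("skype.com",), "zoom": ("zoom.us", "zoom.com"), "meet": ("google.com",)}
# File types served in the campaign: APK for Android, BAT/EXE for Windows.
RISKY_EXT = (".apk", ".bat", ".exe")

def is_official(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_lures(host):
    """Brands named in the host that the host does not actually belong to."""
    host = host.lower()
    labels = re.split(r"[.\-]", host)
    hits = []
    for brand, domains in OFFICIAL.items():
        # Substring match is deliberately broad; expect some false positives
        # (any host containing "meet") that an analyst triages.
        if any(brand in lab for lab in labels) and not is_official(host, domains):
            hits.append(brand)
    return hits

def flag_downloads(log_lines):
    """Return (client, url, brands) for risky downloads from lookalike hosts."""
    findings = []
    for line in log_lines:
        client, _method, url = line.split()[:3]
        parts = urlsplit(url)
        if not parts.path.lower().endswith(RISKY_EXT):
            continue
        brands = brand_lures(parts.hostname or "")
        if brands:
            findings.append((client, url, brands))
    return findings

# Constructed sample proxy log lines: client IP, method, URL.
SAMPLE_LOG = [
    "10.0.0.5 GET https://join-skype.example/download/Skype8.exe",
    "10.0.0.7 GET https://meet.google.com/abc-defg-hij",
    "10.0.0.9 GET https://us06web-zoom.example/files/Zoom02.apk",
    "10.0.0.9 GET https://zoom.us/client/latest/ZoomInstaller.exe",
    "10.0.0.4 GET https://gogle-meet.example/updateZoom20243001bit.bat",
]

if __name__ == "__main__":
    for client, url, brands in flag_downloads(SAMPLE_LOG):
        print(f"{client} fetched {url} (lookalike of: {', '.join(brands)})")
```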

References

[1] https://www.infosecurity-magazine.com/news/skype-google-meet-zoom-trojan-scam/
[2] https://bnnbreaking.com/tech/cybersecurity/malware-masquerade-fake-skype-zoom-google-meet-sites-distribute-rats-zscaler-reports
[3] https://allinfosecnews.com/item/android-and-windows-rats-distributed-via-online-meeting-lures-2024-03-05/
[4] https://securityboulevard.com/2024/03/android-and-windows-rats-distributed-via-online-meeting-lures/
[5] https://www.zscaler.com/blogs/security-research/android-and-windows-rats-distributed-online-meeting-lures
[6] https://ciso2ciso.com/skype-google-meet-and-zoom-used-in-new-trojan-scam-campaign-source-www-infosecurity-magazine-com/
[7] https://news.cloudsek.com/2024/03/fake-skype-google-meet-and-zoom-websites-serve-as-trojan-horse-for-rat-infiltration/
[8] https://www.443news.com/2024/03/fake-skype-zoom-google-meet-sites-infecting-devices-with-multiple-rats/