RATs spread via fake Skype, Zoom and Google Meet sites

esteria.white

Cybersecurity researchers have discovered a new cyber threat involving fraudulent Skype, Google Meet and Zoom websites aimed at spreading malware.

The campaign, discovered in December 2023 by Zscaler’s ThreatLabz, saw the perpetrators distribute the SpyNote remote access Trojan (RAT) to Android users and NjRAT and DCRat to Windows users. These malicious URLs and files have been identified on fake online meeting websites, posing significant risks to users.

The attackers used shared web hosting, placing all of the fake meeting sites, which were all in Russian, on a single IP address. The fake sites closely mimic the real platforms, making them more convincing to unsuspecting users.

“When a user visits one of the fake sites, clicking the Android button initiates the download of a malicious APK file, while clicking the Windows button triggers the download of a BAT file,” reads the notice published Tuesday by Zscaler. “The BAT file, when executed, performs additional actions, ultimately leading to the download of a RAT payload.”

The first scam site, join-skype(.)info, targeted Skype users with a fake app download. Similarly, a fake Google Meet site, online-cloudmeeting(.)pro, and a fake Zoom site, us06webzoomus(.)pro, were created to trick users into downloading malware-laden files.
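For defenders who want to check web proxy logs for contact with the three domains named above, the following is an added example, not code from Zscaler or from this article. It refangs the indicators as written here and separates site visits from APK/BAT downloads; the log format, client addresses and URL paths are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Defanged indicators exactly as written in the article.
DEFANGED = ["join-skype(.)info", "online-cloudmeeting(.)pro", "us06webzoomus(.)pro"]
# File types the article says the fake sites serve (Android APK, Windows BAT).
LURE_EXTENSIONS = (".apk", ".bat")

def refang(indicator):
    """Turn 'example(.)com' / 'example[.]com' back into a matchable hostname."""
    return re.sub(r"[\(\[]\.[\)\]]", ".", indicator).lower().rstrip(".")

BLOCKLIST = {refang(d) for d in DEFANGED}

def matches_blocklist(host):
    """True for a listed domain or any subdomain of it, not for lookalike suffixes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKLIST)

def triage(log_lines):
    """Return (severity, client, url) per request to a listed domain.
    Assumed (hypothetical) log format: '<timestamp> <client_ip> <method> <url>'.
    'high' = an APK/BAT was fetched; 'medium' = the site was only visited."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        _, client, _, url = parts
        parsed = urlsplit(url)
        if not matches_blocklist(parsed.hostname):
            continue
        downloaded = parsed.path.lower().endswith(LURE_EXTENSIONS)
        hits.append(("high" if downloaded else "medium", client, url))
    return hits

# Constructed sample lines; the paths and client addresses are invented.
SAMPLE = [
    "2024-03-05T09:01:00Z 10.0.0.5 GET https://join-skype.info/",
    "2024-03-05T09:01:07Z 10.0.0.5 GET https://join-skype.info/download/client.bat",
    "2024-03-05T09:02:00Z 10.0.0.9 GET http://WWW.US06WEBZOOMUS.PRO/app.APK?src=1",
    "2024-03-05T09:03:00Z 10.0.0.7 GET https://notjoin-skype.info/setup.bat",
    "2024-03-05T09:04:00Z 10.0.0.8 GET https://example.com/join-skype.info/a.apk",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A "high" hit on a Windows client means the BAT file reached the host, so that endpoint should be checked for execution of the file and for follow-on downloads.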

Zscaler said its sandbox plays a crucial role in investigating these malicious campaigns, analyzing file behavior, identifying threat scores, and identifying specific attack techniques. The platform detected payloads associated with various threat names, reinforcing the importance of comprehensive security protocols.

According to the company, the malicious campaigns highlight the evolving cybersecurity threat landscape, underscoring the importance of robust security measures.

“Our research shows that businesses can be subject to threats that impersonate online meeting applications,” the notice explains. “As cyber threats continue to evolve and become more complex, it is essential to remain vigilant and take proactive steps to protect against them.”