Date: 2024-03-10



We've all come to live in a world of endless online meetings that make up a large part of our work lives. However, be aware that some of those meetings may suddenly turn out to be more dangerous than you think…

Online meetings have become even more dangerous, so be careful

It turns out that a boring online meeting might not be the worst thing that can happen when an invitation to another Zoom or Google Meet comes along. Zscaler researchers have just warned that, starting in December 2023, "[we] discovered threat actors creating malicious Skype, Google Meet, and Zoom websites to spread malware." This threat targets both Android and Windows users.

The attackers behind this new campaign have designed fake websites that trick users into installing malware. The entire process is designed to replicate the original installation sites, where users download the application by following the instructions in the meeting link.

The attack was initially caught targeting users in Russia, but it has the potential to spread further by using fake URLs and websites that look very similar to the real ones. Once a user visits one of the fake sites, clicking the Android button will initiate the download of a malicious APK file, and clicking the Windows button will initiate the download of the BAT file. When executed, the BAT file performs additional actions that ultimately lead to the download of the RAT payload.

Dangerous Google Meet links

Zscaler

The specific RATs identified by Zscaler's researchers were SpyNote for Android and both NjRAT and DCRat for Windows systems. To explain a bit about the threat this malware poses, SpyNote can more or less take over your entire device, capture user information and files, read private messages, eavesdrop on your phone's microphone, and trigger screen recordings.

Zscaler also reported fraudulent Skype meetings being used as part of the campaign, but Zoom and Google Meet are perhaps the most alarming given their widespread use across the enterprise. The fake Google Meet website is online-cloudmeeting[.]pro, and the fake Zoom site is us06webzoomus[.]pro.

A further indicator of fraud here is that the campaign targeted only Windows and Android, directing iOS users to a legitimate website.

Dangerous Zoom meeting links

Zscaler

The use of fake websites to trick users into clicking on seemingly trustworthy links is now out of control. Also, most scam emails (in this case invitation emails) are obvious if you look carefully, but you only need to be fooled once. Criminals count on manipulating users into believing these spoofed communications are genuine, which can lead them to download malicious software, send money, or disclose personal, financial, or other sensitive information, the FBI warns.

This campaign is clever in that it relies on users casually clicking on the meeting URL without looking at it carefully, making it easier to execute than a website. And remember, as these researchers warn, the attackers were hosting these fake sites using URLs that closely resembled the real websites. Therefore, caution is advised.

I reached out to Google, Zoom, and Microsoft for comment on this report.

The campaign involves sharing links in messages via email and social media that are intended to trick victims into clicking. As ever, now that we know this threat is out in the wild, be very careful. Do not install these meeting apps or log into the meeting itself unless you are using a genuine site with an obviously original URL. When in doubt, check the source of the link or invitation.
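One way to automate that URL check on a mail gateway or chat filter, as an added example that is not from the article or from Zscaler. The allowlist, the brand tokens, and every sample URL except online-cloudmeeting[.]pro (named above) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts a genuine invitation may use; extend for your own tenant.
OFFICIAL = ("zoom.us", "meet.google.com", "skype.com")
# Brand strings searched after dots/hyphens are stripped. Short tokens such as
# "meet" also hit unrelated sites: a hit means "needs review", not proof.
BRANDS = ("zoom", "meet", "skype")


def refang(url: str) -> str:
    """Undo report-style defanging: hxxp -> http, [.] -> ."""
    return url.strip().replace("[.]", ".").replace("hxxp", "http", 1)


def classify(url: str) -> str:
    """Return 'official', 'suspicious', 'unrelated' or 'invalid'."""
    url = refang(url)
    if "://" not in url:
        url = "https://" + url
    try:
        parts = urlsplit(url)
    except ValueError:
        return "invalid"
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Collapse the whole authority, so a brand hidden in the userinfo part
    # (brand@host) or split across labels is still seen.
    collapsed = parts.netloc.lower().replace(".", "").replace("-", "")
    if any(b in collapsed for b in BRANDS):
        return "suspicious"
    return "unrelated"


# Constructed samples, except the first, which the article names.
SAMPLES = [
    "online-cloudmeeting[.]pro",
    "hxxps://us06webzoomus[.]example/download",
    "https://zoom.us.login.example/j/1",
    "https://zoom.us@198.51.100.7/j/1",
    "https://us06web.zoom.us/j/1234567890",
    "https://meet.google.com/abc-defg-hij",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):10} {s}")
```

The allowlist decides what is trusted; the brand match only separates lookalikes worth an analyst's attention from links that have nothing to do with meetings.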

Here are five other simple rules that are always worth following.

1. Use official app stores, avoid third-party stores, and don't change your device's security settings to allow apps to load.
2. Check the developer in the app description. Do you have a favorite? Then check the reviews to see if they are genuine or fake.
3. Don't give apps permissions they don't need. Flashlights and stargazing apps don't require access to your contacts or phone. Also, never grant accessibility permissions that facilitate device control unless necessary.
4. Once a month, scan your device and remove some apps you no longer need or haven't used in a long time.
5. Don't install apps that link to established apps unless you know for a fact that they are legitimate; check reviews and online write-ups.

Zscaler warns that businesses may be exposed to threats masquerading as online conferencing applications. In this example, the attacker uses these lures to distribute RATs for Android and Windows that can steal sensitive information, log keystrokes, and steal files.

You have been warned.

