Beginning in December 2023, Zscaler’s ThreatLabz uncovered a disturbing trend: a threat actor deploying fake Skype, Google Meet, and Zoom websites to disseminate malware. This actor targets both Android and Windows users, distributing SpyNote RAT for Android devices and NjRAT and DCRat for Windows systems. By mimicking legitimate online meeting platforms, the threat actor lures unsuspecting users into downloading malicious software, posing a significant cybersecurity threat.
The attacker uses shared web hosting to host multiple fraudulent online meeting sites, all on a single IP address. These fake sites are predominantly in Russian, with URLs closely resembling those of the authentic platforms. The deception exploits users’ trust in familiar applications, increasing the likelihood of malware installation and subsequent cyber attacks.
These findings have direct implications for businesses, which are vulnerable to sophisticated threats that impersonate essential communication tools. The Remote Access Trojans (RATs) being distributed can compromise sensitive information, log keystrokes, and steal files, exposing organizations to grave security risks. To mitigate such threats, organizations must adopt robust cybersecurity measures, including regular updates, security patches, and employee training to recognize and avoid potential risks.
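The hosting pattern described above, lookalike meeting sites for several brands resolving to one IP address, can be hunted for in DNS resolver logs. The following is an added example, not code from the ThreatLabz report. The log format, the hostnames (reserved `.example` names), the IP addresses (documentation ranges), the function names and the 0.8 similarity threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from difflib import SequenceMatcher
import re

# Brand keyword -> official domains of the impersonated platforms.
OFFICIAL = {"skype": ("skype.com",), "google": ("google.com",), "zoom": ("zoom.us",)}

# Constructed resolver log lines: timestamp, client, queried name, answer.
# Names use the reserved .example TLD; answers use documentation IP ranges.
SAMPLE_LOG = """\
2024-01-10T09:14:02Z 10.0.0.21 join-skype.example 203.0.113.50
2024-01-10T09:15:40Z 10.0.0.21 meet.google.com-join.example 203.0.113.50
2024-01-10T09:17:11Z 10.0.0.34 us06web-zoom.example 203.0.113.50
2024-01-10T09:18:03Z 10.0.0.34 meet.google.com 198.51.100.7
2024-01-10T09:19:27Z 10.0.0.52 skypee.example 192.0.2.80
2024-01-10T09:20:55Z 10.0.0.52 intranet.example 192.0.2.10
""".splitlines()

def impersonated_brand(host, threshold=0.8):
    """Return the brand a hostname imitates, or None if official or unrelated."""
    host = host.lower().rstrip(".")
    # A name is official only if it is the vendor domain or a true subdomain of it,
    # so "meet.google.com-join.example" does not pass this check.
    for domains in OFFICIAL.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return None
    tokens = [t for t in re.split(r"[.\-_]", host) if t]
    for brand in OFFICIAL:
        # Fuzzy match catches exact keywords and near misses such as "skypee".
        if any(SequenceMatcher(None, t, brand).ratio() >= threshold for t in tokens):
            return brand
    return None

def lookalike_clusters(lines, min_brands=2):
    """Map answer IP -> {brand: [hosts]} for IPs serving lookalikes of >= min_brands brands."""
    by_ip = defaultdict(lambda: defaultdict(set))
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, _, host, ip = parts
        brand = impersonated_brand(host)
        if brand:
            by_ip[ip][brand].add(host.lower())
    return {ip: {b: sorted(h) for b, h in brands.items()}
            for ip, brands in by_ip.items() if len(brands) >= min_brands}

if __name__ == "__main__":
    for ip, brands in lookalike_clusters(SAMPLE_LOG).items():
        print(ip, brands)
```

A single lookalike on an IP (here `skypee.example`) is not reported as a cluster; lowering `min_brands` to 1 surfaces it at the cost of more false positives.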